December 13, 2019.
By the CyberWire staff
Researchers at Anomali describe a phishing campaign apparently intended to harvest credentials from some twenty-two government agencies and government contractors in several countries around the world. US targets have received the most attention, but Australia, China, Japan, Mexico, Peru, Poland, and Sweden were also prospected. No one, ZDNet says, has any idea who's behind the operation or what their ultimate objective might be. The US targets include the Departments of Commerce, Energy, and Veterans Affairs.
Forbes reports that Group-IB is investigating compromises of Telegram accounts belonging to a number of Russian entrepreneurs. Attribution in this case is also mysterious, but Group-IB doesn't think the incidents involve any flaw in the messaging app. The researchers do note that Telegram credentials are being widely traded in the dark web.
In the course of its investigation of exploits leaked by the ShadowBrokers, Zscaler has found a botnet it's calling "BuleHero" that excels at lateral movement within its targets.
TechDirt reports that Representative Ro Khanna (Democrat of California, representing Silicon Valley) sent a pro-encryption letter to Senator Graham (Republican of South Carolina, who's running the Judiciary Committee's hearing on encryption). Representative Khanna also attached a letter from Pentagon CIO Dana Deasy that stressed the importance and value of strong, end-to-end encryption.
In the US, NSA's inspector general has found deficiencies in the agency's data retention procedures: some signals intelligence data have been retained beyond limits established by law and policy. The agency accepted the findings and is working to bring its procedures into compliance.
Today's issue includes events affecting Australia, Canada, China, Japan, Mexico, Peru, Poland, Russia, Sweden, United Kingdom, United States.
Bring your own context.
Thinking about connectivity in toys and other gifts you're buying for children?
"You know, I think anyone who's spoken to me in the last few years has heard me express some of my concerns about the amount of child data that's showing up in some of these criminal marketplaces and that we need to be thinking critically about the way that children are having their information captured or exploited by criminals. And I think it's a good time to remind people that while you should be cautious about gifting any kind of connected device - and I think my colleagues in the cybersecurity space would agree - you should be particularly careful when you think about connected devices for children.
"And by connected devices, I mean anything that is going to be able to collect data on your child or the child you're gifting it to that might require some sort of account creation. These devices may seem harmless, and they may go entirely uncorrupted by cybercriminals. But the more opportunities that we have to collect data on children, the more viable a consumer class they become effectively.
"And if we're kind of collecting data on them from a very early age, that's more data that can be exposed eventually. It's more data available to cybercriminals. It's more data available to marketing firms. And children aren't in a position to make informed, consensual decisions about their data collection and their data usage. And so we need to be careful in the ways that we do that for them."
—Emily Wilson, VP of research at Terbium Labs, on the CyberWire Daily Podcast, 12.11.19.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Lancaster University as Daniel Prince talks about the use of cybersecurity testbeds for IoT research. Our guest is David Belson from the Internet Society, and he discusses the implications of Russia's “sovereign Internet” law.
Michigan family says hacker was talking to them through security system in their home (WWMT) Some people put security cameras outside and inside their homes to protect themselves, but if you're not careful, tech experts said those cameras can actually give hackers an inside look. Multiple families across the country including one in Freeland, Michigan, have reported their security cameras inside their home were hacked. These families said the hackers are speaking to them through the security cameras.
VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems (BleepingComputer) The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA.
Philips IntelliBridge EC40/80 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Low skill level to exploit
Equipment: IntelliBridge EC40 and EC80
Vulnerability: Inadequate Encryption Strength
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSMA-19-318-01 Philips IntelliBridge EC40/80 that was published November 14, 2019, on the ICS webpage on us-cert.gov.
Omron PLC CJ, CS and NJ Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: PLC CJ, CS and NJ Series
Vulnerability: Improper Restriction of Excessive Authentication Attempts
Omron PLC CJ and CS Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: PLC CJ and CS Series
Vulnerabilities: Authentication Bypass by Spoofing, Authentication Bypass by Capture-replay, Unrestricted Externally Accessible Lock
Advantech DiagAnywhere Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: DiagAnywhere Server
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow remote code execution.
PLC Cycle Time Influences (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO
Equipment: Programmable Logic Controllers
Vulnerability: Uncontrolled Resource Consumption
Security Patches, Mitigations, and Software Updates
Microsoft Security Essentials to Die with Windows 7 in January (HOTforSecurity) Microsoft says it doesn’t plan to provide security updates for the Microsoft Security Essentials component integrated into Windows 7 after the operating system reaches its end of life in a little over five weeks. The life of Windows 7 is set to...
42 More Cybersecurity Predictions For 2020 (Forbes) From disrupting elections to targeted ransomware to privacy regulations to deepfakes and malevolent AI, here are 42 additional predictions from senior cybersecurity executives
Deloitte obtains blockchain services firm in Southeast Asia (International Comparative Legal Guides International Business Reports) Big Four professional services firm Deloitte Touche Tohmatsu Limited (Deloitte) has announced that the founders and employees of Singapore-based digital consultancy firm Practical Smarts have joined its risk advisory practice in Southeast Asia, forming part of the Deloitte Asia Pacific Blockchain Lab (the Lab).
Netskope Partners with Dell to Help Customers Reimagine Their Security Perimeter (Netskope) Today’s modern workforce is constantly on the move and employees consume thousands of web and cloud services via mobile and personal devices; both inside and outside the office. The rapid expansion of mobile devices means that users, applications, devices, and data exist outside of traditional perimeters more often than inside. As a result, the business …
Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance (Electronic Frontier Foundation) It's time to shed light on the technical methods and business practices behind third-party tracking. For journalists, policy makers, and concerned consumers, this paper will demystify the fundamentals of third-party tracking, explain the scope of the problem, and suggest ways for users and legislation to fight back against the status quo.
Lessons from the NSA: Know Your Assets (Dark Reading) Chris Kubic worked at the National Security Agency for the past 32 years, finishing his tenure as CISO. He talks about lessons learned during his time there and what they mean for the private sector.
Senate bill would give DHS cyber agency subpoena powers (TheHill) Two senators unveiled bipartisan legislation on Thursday that would give the Department of Homeland Security’s (DHS) cyber agency the ability to subpoena internet service providers to increase transparency about cyber vulnerabilities.
Defense bill limits commerce secretary's ability to remove Huawei from Entity List (Inside Defense) The fiscal year 2020 defense authorization conference bill includes language requiring congressional notification before the commerce secretary can remove Huawei from the "Entity List" restricting sales of U.S. components to the Chinese telecom, a procedural hurdle added to the bill amid congressional concerns over the Trump administration's commitment to maintaining a hard line on the cyber threat from China.
When should the Pentagon update its rules on autonomous weapons? (C4ISRNET) A prominent group of national security thinkers is questioning if the Pentagon’s policy on developing autonomous weapons needs to be updated to more accurately reflect current technology and the greater role artificial intelligence is expected to play in future conflicts.
The FBI didn't commit 'errors and omissions.' It abused its power (Washington Examiner) The FBI sought a warrant to wiretap a U.S. citizen and, in effect, a U.S. presidential campaign, based on a shoddy Democrat-funded pile of conspiracy theories known as the Steele dossier. The dossier's allegations against then-candidate Donald Trump were based on "multiple layers of hearsay upon…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...