Don’t slow down development for application security.
We know that application security testing is a bottleneck for software development—but it’s also crucial. You need a solution that can simplify and automate as much of that process as possible without grinding development to a halt. Code Dx automates the most time-consuming steps in AppSec testing, keeping your DevOps pipeline running as smoothly as possible.
December 18, 2019.
CyberWire Pro, coming in 2020.
We're pleased to offer another reminder that our new subscription program, CyberWire Pro, will launch early in 2020. For cyber security professionals and others who want to stay abreast of this rapidly evolving industry, CyberWire Pro is a premium news service that will save you time as it keeps you informed. Learn more and sign up to get launch updates here.
By the CyberWire staff
CyberX researchers have described a cyber espionage campaign that's evidently designed to steal sensitive data, especially design information, from manufacturers. CyberX calls it "Gangnam Industrial Style," in recognition that South Korean manufacturers have been most heavily hit, with some sixty percent of the victims located in the Republic of Korea. Other countries affected include (in rough order of the attention they received from the APT) Thailand, China, Japan, Indonesia, Turkey, Ecuador, Germany, and the United Kingdom. The attack begins with spearphishing emails carrying plausible bait that represents itself as, for example, RFQs or inquiries from buyers. The most common payload is Separ malware, which both harvests credentials and searches for files of interest. The attackers may be after trade secrets in a conventional industrial espionage effort, or they may be looking for industrial system vulnerabilities that could be targeted in subsequent attacks.
Palo Alto Networks' Unit 42 has released a follow-up to its earlier reports on "Rancor," a Chinese cyber espionage unit that pays particular attention to targets in Cambodia. Unit 42 tells CyberScoop that there's an irony beneath the apparent persistence: none of the efforts to penetrate Cambodian networks have been fully successful.
The US Foreign Intelligence Surveillance Court has starchily ordered the FBI to give an account of what it was doing when it requested FISA surveillance authority over Trump advisor Carter Page. The New York Times calls the Justice Inspector General's report on Crossfire Hurricane "damning." A broader IG investigation is in the offing, the Washington Post reports.
Today's issue includes events affecting Cambodia, Canada, China, Czech Republic, Ecuador, Finland, Germany, Indonesia, Japan, Republic of Korea, Russia, Thailand, Turkey, United Kingdom, United States.
Bring your own context.
Information may want to be free, as they used to say, but that's not to say that sovereign Internets will tear down the walls they're busily building. What's the effect of this trend?
"Certainly not a positive one, at least among those countries. For those of us that are interested in a free and open internet, we don't want to see something like this. You know, the other challenge as well is that these efforts ultimately reduce internet resilience as a whole. So the internet is an interconnected network of networks. It only works successfully when everybody is sort of behaving themselves and cooperating. When these things start occurring, it ultimately lowers the resiliency of the global internet. That's a bug, not a feature. Russia may be looking at it as a feature, but for everybody else, it's really a problem."
—David Belson, senior director of internet research and analysis at the Internet Society, on the CyberWire Daily Podcast, 12.13.19.
Attention tends to focus on Russian policies, but Russia's not the only country aspiring to Internet sovereignty.
Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Information Security Institute Virtual Information Session (Online, January 23, 2020) Our graduate students in the Johns Hopkins University Information Security Institute work alongside our faculty who are world-renowned for their research in cryptography, privacy, medical information security, and network and system security. To learn more, register for the January 23rd one-hour session to get an overview of the Information Security Institute. Panelists will provide a program overview, areas of research, admissions requirements, and discuss life in Baltimore.
6th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 25, 2020) The 6th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 25th, in Baltimore, Maryland. Learn about the do’s and don’ts of risk management with industry leaders and other cyber professionals. Check out the details at http://isi.jhu.edu and click on 6th Annual Cybersecurity Conference for Executives.
Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies (CyberX) Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. The campaign steals passwords and documents which could be used in a number of ways, including stealing trade secrets and intellectual property, performing cyber reconnaissance for future attacks, and …
Sneaker Bots: a Deep Dive (PerimeterX) Explore how sneaker bots work, what methods they use, what a real attack looks like, the damage they cause and how to protect your e-commerce website from them.
Vulnerability Found in TP-Link’s Archer Routers, Now Fixed (CISO MAG) TP-Link’s Archer Router series, which is capable of handling high-speed online traffic, had a vulnerability that, if exploited, could allow hackers to bypass the admin passwords and remotely take control of the devices over the LAN.
Cobots too easy a target for ransomware, alerts Alias Robotics (eeNews Europe) Urging industrial robot manufacturers to implement efficient cybersecurity measures, security researchers from Spanish startup Alias Robotics have demonstrated a proof-of-concept attack consisting of ransomware specifically aimed at industrial collaborative robots.
Industrial robot ransomware: Akerbeltz (eeNews Europe) Cybersecurity lessons have not been learnt from the dawn of other technological industries. In robotics, the existing insecurity landscape needs to be addressed immediately. Several manufacturers profiting from the lack of general awareness are systematically ignoring their responsibilities by claiming their insecure (open) systems facilitate system integration, disregarding the safety, privacy and ethical consequences that their (lack of) actions have. In an attempt to raise awareness and illustrate the “insecurity by design in robotics” we have created Akerbeltz, the first known instance of industrial robot ransomware. Our malware is demonstrated using a leading brand for industrial collaborative robots, Universal Robots.
Siemens SPPA-T3000 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vulnerabilities: Improper Authentication, Cleartext Transmission of Sensitive Information, Unrestricted Upload of File with Dangerous Type, Heap-based Buffer Overflow, Integer Overflow or Wraparound, Out-of-bounds Read, Improper Access Control, Stack-based Buffer Overflow, SFP Secondary Cluster: Missing Authentication, Deserialization of Untrusted Data, Information Exposure, Cleartext Transmission of Sensitive Information
GE S2020/S2020G Fast Switch 61850 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.6
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: GE S2020/S2020G Fast Switch 61850
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow an attacker to inject arbitrary code and allow disclosure of sensitive data.
Ransomware Hit Over 1,000 U.S. Schools in 2019 (BleepingComputer) Since January, 1,039 schools across the U.S. have been potentially hit by a ransomware attack after 72 school districts and/or educational institutions have publicly reported being a ransomware victim according to a report from security solutions provider Armor.
St. Lucie County Sheriff's Office hit by cyber attack (WPEC) The FBI is now working with the St. Lucie County Sheriff's Office to get its computer network back online. The sheriff's office said much of it has been disconnected due to a cyber attack that was discovered early Tuesday morning. 911, emergency services, and dispatch are still online and deputies are carrying out their duties, according to Sheriff Ken Mascara. But the sheriff's office is using paper for record keeping and day-to-day business.
Google to Restrict App Access to G Suite Accounts (Decipher) Google will limit the ability of LSA to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.
The DHS cyber agency gets massive funding boost (Fifth Domain) Take a look at what Congress wants the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to do as it looks to consolidate its clout as the federal cybersecurity leader.
NYC Mayor’s Aides Communicate in Encrypted Messages (Wall Street Journal) Aides to New York City Mayor Bill de Blasio have exchanged messages via Signal, an encrypted-messaging app. Good-government advocates warn such apps can be used to hide records and communications from the public.
Litigation, Investigation, and Law Enforcement
In Re Accuracy Concerns Regarding FBI Matters Submitted to the FISC (US Foreign Intelligence Surveillance Court) This order responds to reports that personnel of the Federal Bureau of Investigation (FBI) provided false information to the National Security Division (NSD) of the Department of Justice, and withheld material information from NSD which was detrimental to the FBI's case, in connection with four applications to the Foreign Intelligence Surveillance Court (FISC) for authority to conduct electronic surveillance of a U.S. citizen named Carter W. Page. When FBI personnel mislead NSD in the ways described above, they equally mislead the FISC.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ISSA Central MD Information Security Conference (Columbia, Maryland, USA, February 28, 2020) Information System Security Association's Central Maryland Chapter is hosting a day-long cybersecurity conference spanning two tracks that'll include topics covering: Leadership in cybersecurity - why it...
2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, March 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some...
QuBit Belgrade 2020 (Belgrade, Serbia, October 1, 2020) Practical workshops, excellent speakers, educational sessions, news & networking. QuBit consists of one day full of educational presentations, keynotes, case studies and interactive panel discussions in...
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.