What if your security solution could provide zero doubt?
A foundation of artificial intelligence delivers smart, simple, and secure solutions that change how organizations approach endpoint security. Cylance provides full-spectrum, predictive threat prevention and visibility across the enterprise to combat the everyday - as well as the most notorious and advanced - cyberattacks. Let Cylance help you understand how you can create real confidence in your organization’s security posture and zero in on what really matters.
February 4, 2019.
By the CyberWire staff
Palo Alto Networks’ Unit 42 reports that the Vietnamese threat group OceanLotus (APT32) has deployed a new downloader, KerrDown. It’s typically delivered either through a malicious macro in a Microsoft Office document or through a RAR archive that relies on DLL side-loading (a legitimate executable packaged alongside a malicious DLL that the executable loads by name).
Recorded Future believes it has a line on the individual responsible for Collection #1: a cybercriminal known by the nom-de-hack “C0rpz.” The one who calls himself “Clorox” is a poseur; the one who goes by “Sanix” is a reseller. ZDNet points out that C0rpz, Clorox, and Sanix are probably at most aggregators, not hackers, and that, while the data dumps serve as a reminder of the importance of sound digital hygiene, they’re not new, and not grounds for panic.
Huawei receives harsher scrutiny as a potential security risk in both Canada and the UK. In the UK, the Telegraph and the Times report recriminations over the Government’s alleged failure to take warnings of Huawei-enabled espionage seriously when it received them six years ago. It’s an open question whether the company’s early advantage in 5G technology that Bloomberg describes will enable it to ride out the international backlash over security.
If RT is any indication, Russia’s information campaign over Venezuela would seem to have begun. The outlet warns that US military intervention may be imminent and would be easy for the US to undertake. Interference in Venezuelan internal affairs would “grossly violate” international law.
KrebsOnSecurity reports that Europol expects more than 250 users of the shuttered DDoS-for-hire Webstresser service to face legal action.
Today's edition of the CyberWire reports events affecting Australia, Belgium, Canada, China, European Union, Iran, Ireland, Israel, Russia, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam.
Vendors, suppliers, and independent subsidiaries are gaining more access to your network and sensitive data as today’s business models outsource non-mission-critical programs and tasks, and that access brings a new world of risk to your organization. In this webinar, LookingGlass Product Manager Brandon Dobrec and Security Ledger Editor-in-Chief Paul Roberts will discuss what you need to assess vendors in the modern cyber environment, giving you the right map to assess your external risk.
Cyber Job Fair, Feb 13, San Antonio (San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros: make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.
Cyber Security Summits: February 13th in Atlanta and on April 2nd in Denver (Atlanta, Georgia, United States, February 13 - April 2, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Darktrace and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Rapid Prototyping Event: The Needles in the Haystack (Columbia, Maryland, United States, February 26 - 28, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which we hope to find a solution that can not only 'map' the network in the traditional sense but provide inferences as to the most important servers, workstations or hardware devices. Once these assets are identified they could be isolated, replicated or studied closely via live forensics.
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Tracking OceanLotus’ new Downloader, KerrDown (Unit42) OceanLotus (AKA APT32) is a threat actor group known to be one of the most sophisticated threat actors originating out of south east Asia. Multiple attack campaigns have been reported by a number of security organizations in the last couple of years, documenting the tools and tactics used by the threat actor. While OceanLotus’ targets are global, their operations are mostly active within the APAC region which encompasses
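The two KerrDown delivery paths mentioned above (a macro-bearing Office document, or a RAR archive laid out for DLL side-loading) are both cheap to triage before detonation. The script below is an added example written for this page; it is not code from Unit 42, the CyberWire, or the KerrDown campaign. It assumes the Office document is an OOXML (zip-based) file, where a VBA project is stored as a `vbaProject.bin` part, and that the archive's contents are available as a list of member paths (for example from `unrar l` or the third-party `rarfile` module); the sample document and archive listing are constructed inline, and the file names in them are invented rather than indicators from the report.

```python
"""Triage heuristics for macro-bearing OOXML files and side-loading archives.

Added example, not code from Unit 42 or the CyberWire. Assumptions:
- Office documents are OOXML zip containers; a VBA project lives in a
  word/, xl/ or ppt/ vbaProject.bin part. Legacy OLE binaries (.doc/.xls)
  need a different parser and are reported as "not OOXML" here.
- Archive contents are supplied as a list of member paths; only the
  listing is inspected, so the archive itself is never extracted.
"""
import io
import posixpath
import zipfile

VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


def has_vba_project(doc_bytes: bytes) -> bool:
    """Return True if an OOXML document carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML container
    return bool(VBA_PARTS & names)


def sideload_candidates(member_paths):
    """Flag archive directories that hold an EXE together with DLLs.

    This is the classic DLL side-loading layout: a legitimate, often signed,
    host executable shipped next to an attacker-supplied DLL that the host
    loads by name from its own directory. Returns [(dir, [exes], [dlls])].
    """
    by_dir = {}
    for p in member_paths:
        d, name = posixpath.split(p.replace("\\", "/"))
        ext = posixpath.splitext(name)[1].lower()
        entry = by_dir.setdefault(d, {"exe": [], "dll": []})
        if ext == ".exe":
            entry["exe"].append(name)
        elif ext == ".dll":
            entry["dll"].append(name)
    return [(d, v["exe"], v["dll"]) for d, v in sorted(by_dir.items())
            if v["exe"] and v["dll"]]


def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML container for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real OLE-wrapped VBA project.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


# Constructed archive listing in the side-loading shape (invented names).
SAMPLE_LISTING = [
    "Report/Report.exe",
    "Report/helper.dll",
    "Report/notes.txt",
    "Docs/readme.pdf",
]

if __name__ == "__main__":
    print("macro doc:", has_vba_project(make_ooxml(True)))
    print("clean doc:", has_vba_project(make_ooxml(False)))
    print("side-load dirs:", sideload_candidates(SAMPLE_LISTING))
```

A hit from either check is a reason to route the file to sandboxing rather than a verdict on its own: plenty of legitimate software ships an EXE beside its DLLs, and a macro is only dangerous if it does something. The listing-only archive check is deliberate, since extracting an untrusted RAR on the triage host is itself a risk.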
Fake news on Twitter during the 2016 U.S. presidential election (Science) There was a proliferation of fake news during the 2016 election cycle. Grinberg et al. analyzed Twitter data by matching Twitter accounts to specific voters to determine who was exposed to fake news, who spread fake news, and how fake news interacted with factual news (see the Perspective by Ruths). Fake news accounted for nearly 6% of all news consumption, but it was heavily concentrated: only 1% of users were exposed to 80% of fake news, and 0.1% of users were responsible for sharing 80% of fake news. Interestingly, fake news was most concentrated among conservative voters.
The parking system cyber attack: 2 cities, 2 stories (CBC) They are two cities of similar size, both victimized in the same cyber attack. But Ames, Iowa, a 26-hour drive from Saint John, had a much different experience after the attacker slipped malware into its parking fine server.
New Scam Holds YouTube Channels for Ransom (BleepingComputer) Scammers are abusing the YouTube policy violation system by filing fake copyright infringement claims against content creators until their channel is close to being suspended. These scammers then hold the channel ransom by telling YouTubers to send a payment or they will file another copyright infringement claim to have the channel suspended.
Sextortion Scam Stating Xvideos Was Hacked to Record You Through Webcam (BleepingComputer) A sextortion scam variant is going around that states the popular adult site Xvideos.com was hacked to include malicious script that records a visitor through their webcam and sends it to the hacker. The scam emails also state that this script was able to connect back to the visitor’s computer to steal their data and contacts.
Security Patches, Mitigations, and Software Updates
Location matters; with beverages and malware (Avira Blog) Since malware is like going out to a restaurant at times, you might have many of the same questions: Why is my waiter so slow (cryptominers), why the meal was horrible when it was perfect a week ago (HTML infections), and whether it is really important to change the oil in the car before heading out for a night on the town (CVE-2015-2426)?
European telecoms’ dilemma: Huawei or fade away? (Arab News) PARIS: It’s a dilemma for European telecoms firms: Should they steal a march on competitors and rapidly roll out next-generation 5G mobile networks using equipment from top supplier Huawei? Or should they heed US-led warnings of security threats and sit tight, and possibly fall behind? Getting it right will have big consequences as 5G networks are the next milestone in the digital revolution, bringing near-instantaneous connectivity, vast data capacity and futuristic technologies.
UPDATE: Snopes quits and AP in talks over Facebook’s fact-checking partnership (TechCrunch) Two of Facebook's four fact-checking partners in the U.S. have left the program as of the beginning of this year: Snopes, which recently rebuffed reports that its relationship with Facebook was strained, and the Associated Press. Both confirmed they are leaving the program, but left the possibility…
Thales seeks to expand Cyberlab beyond Belgium (Jane's 360) Thales has secured a range of military customers for its ‘Cyberlab’ in Tubize, Belgium, and now plans to roll the concept out to its subsidiaries in other countries, the company has told Jane’s.
The Belgian Cyberlab was established in 2017, with three major functions in mind,
Managing cyber risk in the electric power sector (Deloitte Insights) The power sector is one of the most frequently targeted and first to respond to cyber threats with mandatory controls. But threats continue to evolve, reaching into industrial control systems and supply chains, and requiring even greater efforts to manage risk.
Here’s how DHS prepared to keep hackers out of the Super Bowl (CyberScoop) When the New England Patriots and Los Angeles Rams kick off in Atlanta on Sunday, a network of at least nine operational centers staffed by city, state, and federal officials will be humming with activity near the stadium to monitor for cyber and physical threats. About 60 employees from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) will be onsite, with a cyber official at each operational center, making it one of the biggest DHS cybersecurity operations at a Super Bowl to date.
Flavors Of Risk And A Better Definition Of Cyber (Forbes) Cyber is an overused prefix. Security has to align with the business better around risk, so let's use the term to mean activities around the most important form of risk: the one that requires real security skills to stop the malicious human intelligence threatening the connected world and us all.
UCA Cyber Range to Produce Needed Talent (Arkansas Business) The new cyber range at the University of Central Arkansas will complement the school's new bachelor's degree program and deliver to a fast-growing job field the talent it desperately needs to combat cybercrime.
Volunteer Staff Editor Opportunities at the Journal of Law and Cyber Warfare (Journal of Law & Cyber Warfare) The Journal of Law & Cyber Warfare is currently accepting applications from lawyers, law students, CISOs/cyber professionals, government executives, and students to serve as unpaid staff editors for a two-year term (shorter terms may be considered on a case by case basis). This is an excellent opportunity for students to be immersed in a critical area of the law, network with industry experts, and hone their personal writing and editing skills. Email Business Editor John Kilgore at firstname.lastname@example.org, copying Editor-in-Chief Daniel Garrie at email@example.com, if you're interested.
Legislation, Policy, and Regulation
Huawei spying alert 6 years ago ‘wholly ignored’ (Times) Ministers were warned six years ago about the grave risks of Chinese infiltration of national infrastructure in a report citing Huawei’s involvement in UK telecoms. A leading security academic told...
Facebook warned over privacy risks of merging messaging platforms (TechCrunch) Facebook’s lead data protection regulator in Europe has asked the company for an “urgent briefing” regarding plans to integrate the underlying infrastructure of its three social messaging platforms. In a statement posted to its website late last week the Irish Data Protection Comm…
Duke Energy Broke Rules Designed to Keep Electric Grid Safe (Wall Street Journal) Duke Energy faces a record $10 million fine from federal authorities for serious and pervasive violations of rules designed to keep the nation’s electric system safe from physical and cyber attacks, according to a filing.
250 Webstresser Users to Face Legal Action (KrebsOnSecurity) More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...
QuBit Conference Belgrade 2019 (Belgrade, Serbia, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...
National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...
3rd Next Generation Cyber Security for Utilities (Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...