Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
At Blue Hat last week Microsoft's Security Response Center said that risks from delaying one of its patches by even thirty days are now lower than the risk of being hit by a zero-day, ComputerWorld reports. Zero-days are also now much more likely to be used in highly targeted attacks than they are in mass public campaigns. These developments reflect a shift in attacker culture, approach, and capability. Microsoft also credits its own improved product security with responsibility for the change: it's harder to weaponize a patched bug now than it used to be. Still, patch. Redmond said, as ZDNet observes, that you'll still get hit if you disregard patching for too long. Eventually the skids will get around to you.
Russia will proceed with a test of the autarkic Internet its proposed Digital Economy National Program mandates. ZDNet calls it a plan to "disconnect from the Internet," which in a way it is, but it's also a measure designed to give the country's online infrastructure the resilience to cope with full-on cyber warfare. No date has been announced, but the test is expected to be complete before April.
Fortune and others report that US President Trump may sign an Executive Order banning Chinese equipment from US mobile networks as early as this week.
US Federal prosecutors are looking into allegations the National Enquirer attempted to blackmail Amazon founder Jeff Bezos, the AP reports.
Today's issue includes events affecting Australia, Canada, China, Czech Republic, Estonia, European Union, Greece, Hungary, India, Israel, Italy, Lithuania, NATO/OTAN, North Macedonia, Norway, Poland, Russia, Saudi Arabia, Switzerland, Uganda, United Kingdom, United States, and Venezuela.
Earn Your Master’s in Cybersecurity from Georgetown
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Explore the program.
Cyber Security Summits: February 13th in Atlanta and on April 2nd in Denver(Atlanta, Georgia, United States, February 13 - April 2, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Darktrace and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Rapid Prototyping Event: The Needles in the Haystack(Columbia, Maryland, United States, February 26 - 28, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event in which we hope to find a solution that can not only 'map' the network in the traditional sense but provide inferences as to the most important servers, workstations or hardware devices. Once these assets are identified they could be isolated, replicated or studied closely via live forensics.
CYBERTACOS RSA(San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.
Register for the RSA Conference 2019 today!(San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.
Cyber Attacks, Threats, and Vulnerabilities
AP Exclusive: Undercover spy exposed in NYC was 1 of many(AP NEWS) When mysterious operatives lured two cybersecurity researchers to meetings at luxury hotels over the past two months, it was an apparent bid to discredit their research about an Israeli company that makes smartphone hacking technology used by some governments to spy on their citizens. The Associated Press has now learned of similar undercover efforts targeting at least four other individuals who have raised questions about the use of the Israeli firm's spyware.
Venezuelan Foreign Ministry under cyber attacks(New Kerala) The Venezuelan embassy in Moscow on Thursday reported that the websites of Venezuelan Foreign Ministry in various countries across the globe were under threat of cyber attacks.
Super Mario Oddity(Security Boulevard) A few days ago, I was investigating a sample piece of malware where our static analysis flagged a spreadsheet as containing a Trojan but the behavioural trace showed very little happening. This is quite common for various reasons, but one of the quirks of how we work at Bromium is that we care about getting malware to run and The post Super Mario Oddity appeared first on Bromium.
Coinminer Targets Linux, Kills Competition to Maximize Profits(BleepingComputer) A new coinminer malware strain which targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner has been observed while searching for and killing other Linux malware and coin miners present on the compromised machine.
How Bezo's d[**]k pics might've been exposed(Security Boulevard) In the news, the National Enquirer has extorted Amazon CEO Jeff Bezos by threatening to publish the sext-messages/dick-pics he sent to his mistress. How did the National Enquirer get them? There are rumors that maybe Trump's government agents or the "deep state" were involved in this sordid mess. The more likely explanation is that it was a simple hack.
Wells Fargo Systems Issues Linger For Second Day(Wall Street Journal) Wells Fargo scrambled to deal with a systems problem that hampered the bank’s online and mobile banking platforms Thursday and Friday. The bank has been restoring operations and is extending branch hours to handle customer questions about the issues.
Security Patches, Mitigations, and Software Updates
Microsoft: Watch out for zero days; deferred patches, not so much(Computerworld) Yesterday’s Blue Hat IL presentation from MSRC shows that, in 2017-18, the threat from zero days far exceeds the threat of delaying patches by 30 days. Moreover, the vast majority of zero days are used in targeted attacks, not in public attacks.
$132.73 Million in Sales Expected for Secureworks Corp (SCWX) This Quarter(Fairfield Current) Analysts forecast that Secureworks Corp (NASDAQ:SCWX) will report $132.73 million in sales for the current quarter, according to Zacks. Four analysts have made estimates for Secureworks’ earnings. The highest sales estimate is $133.00 million and the lowest is $132.53 million. Secureworks reported sales of $120.65 million during the same quarter last year, which indicates a […]
How Governments are Running Effective Bug Bounty Programs(Bugcrowd) If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have become pervasive. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe
The struggle behind predicting a cyberattack(Fifth Domain) Government agencies, including the intelligence community and its research arm, increasingly want to predict cyber attacks through machine learning. But a new study casts doubt on the effectiveness of that technique.
Lithuania set to ban fake news from Russia(Deutsche Welle) Lithuanian lawmakers want to outlaw spreading distrust of the state and attempts to distort historical memory. Critics say the bill to crack down on disinformation equates investigative journalism with propaganda.
US strikes back at Russia in cyberspace warfare(The Manila Times Online) With little public fanfare, US Cyber Command, the military’s new center for combating electronic attacks against the United States, has launched operations to deter and disrupt Russians who have been meddling with the US political system. Like other US cyberwar activities, this ef
View Cyber Defenses Exactly the Same as Military (Newsmax) Technological advances in our modern world dictate that our cyber defenses should be viewed in the same vein as our military defenses. This shift in philosophy may one day save America from catastrophic disaster.
Shield our children from this betting poison(Times) A 12-year-old drags on a Marlboro Red; an 11-year-old holds a lighter under a spoonful of crack; a ten-year-old sinks two pints of lager. Something in us recoils at the collision of innocence and...
Privacy is a commons(TechCrunch) “The commons is the cultural and natural resources accessible to all members of a society,” quoth Wikipedia, “held in common, not owned privately.” We live in an era of surveillance capitalism in a symbiotic relationship with advertising technology, quoth me. And I put it to…
Huge Intel Leadership Shifts: New Directors For NRO, NGA(Breaking Defense) The low grading noise you could barely hear yesterday was the sound of the tectonic plates of American intelligence shifting as the National Geospatial Intelligence Agency and the National Reconnaissance Agency got new directors.
Saudi Arabia denies involvement in leak of Jeff Bezos’ private messages(TechCrunch) In his extraordinary Medium post last week accusing American Media Inc of “extortion and blackmail,” Bezos hinted (but did not explicitly state) that there may be a connection between Saudi Arabia and the publication of his personal messages with Lauren Sanchez. Now Saudi Arabia’s minister of forei…
Is Europe closing in on an antitrust fix for surveillance technologists?(TechCrunch) The German Federal Cartel Office’s decision to order Facebook to change how it processes users’ personal data this week is a sign the antitrust tide could at last be turning against platform power. One European Commission source we spoke to, who was commenting in a personal capacity, de…
Sprint Accuses AT&T of False Advertising of 5G Service (Wall Street Journal) Sprint Corp. has sued AT&T Inc. over a branding campaign that it says falsely tells customers they are receiving 5G service on their smartphones, escalating marketing wars between carriers over the next generation of wireless networks.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security for Critical Assets Summit(Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
Suits and Spooks AI Summit(Washington, DC, USA, March 29, 2019) This AI conference will cover deep learning, challenges of explainability and predictability, hardware hacking of AI devices, deep penetration, the effect of machine learning on geospatial applications,...
IP Expo Manchester(Manchester, England, UK, April 3 - 4, 2019) The event will showcase industry leaders and those at the forefront of technology, to encourage debate and inform attendees on the critical technological issues affecting modern business. IT and cyber...
National Security Technology Forum and Exposition (NSTFX)(San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...
3rd Next Generation Cyber Security for Utilities(Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...
BSides Huntsville(Huntsville, Alabama, USA, February 15 - 16, 2019) The fun and cheap way to earn CEU's. Instead of paying way too much to listen to some guy in a suit try and sell you something, you can pay just a few bucks to hear actual programmers and hackers talk...
Border Security: Physical Wall vs. Virtual Wall(Arlington, Virginia, USA, February 18, 2019) Marymount University ISACA Student Group (MUISG) has its CyberNight at MU scheduled for 9 March 2019 from 6-8pm. Panelists will discuss Border Security: Physical vs Virtual Wall. This is an educational...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.