February 21, 2019.
By the CyberWire staff
Social media posed enough operational security problems for Russian forces operating against Ukraine that the Russian Army cracked down on their soldiers' online presence. It's a general problem: a NATO red team reports that military personnel put enough personal information online to render them vulnerable to influence and social engineering. Troops also discuss matters better left undiscussed.
Deep Instinct reports observing new instances of Separ credential-stealing malware. A maliciously crafted Adobe file is the typical infection vector. Once installed in a victim system, Separ lives off the land by abusing legitimate files and tools. The attack is simple but effective; the malicious script is short and easily overlooked.
A Vkontakte hack suggests where the limits of responsible disclosure may lie, and as Naked Security suggests, the line should probably be drawn on this side of spamming thousands of people to make a point. App developer Bagosi found an issue with Vkontakte, then decided to turn it loose in what the developer claimed was a harmless caper when Bagosi judged that Vkontakte wasn't paying sufficient attention. ZDNet says Vkontakte was not amused.
NCSC's dance with Huawei continues. On the one hand, the company presents a risk to UK networks; on the other, NCSC believes the risk may be manageable, and in any case, as Bloomberg reports, NCSC hasn't reached a decision yet. Its full report on telecoms security is due out in March. In the meantime, City A.M. says, NCSC boss Martin tells British telcos to up their security game.
ON THE PODCAST
In today's podcast, up later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson discusses law enforcement on the dark web. Our UK correspondent Carole Theriault returns with stories of surveillance and facial recognition in London.
And Hacking Humans is up. In this episode, "Stop and think before you click that link," we've got follow-up from a listener on cognitive dissonance and behavioral science. Dave shares a listener story about a University Dean's List scam. Joe shares statistics from a government agency phishing test. Our catch of the day involves funds from the FBI, the IMF, and yes, Nigeria. Dave interviews Crane Hassold from Agari with phishing trends they've been tracking, plus his experiences as a former FBI agent.
Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”
Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.
Visit LookingGlass at RSA 2019 to Handle Your Risky Business (San Francisco, California, United States, March 4 - 8, 2019) Join LookingGlass at RSA 2019 to learn more about how we can help you manage your organization’s risky business. Get a free expo pass when you reserve a personal, in-depth demo tailored to your security needs!
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!
Formjacking Surpasses Ransomware and Cryptojacking as Top Threat of 2018 (BleepingComputer) A new year in review report from Symantec shows that formjacking accompanied by supply chain attacks were the fastest growing threats of 2018, while living-off-the-land (LotL) attacks saw a large boost in adoption from threat actors, with PowerShell scripts usage, for example, seeing a formidable 1000% increase.
Sinking a ship and hiding the evidence (Pen Test Partners) Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability (TrendLabs Security Intelligence Blog) We noticed a sudden increase in hack tool installation attempts from various industries in China, Taiwan, Italy and Hong Kong. We found a trojan combining RADMIN and MIMIKATZ to drop a Monero miner by exploiting MS17-010 for propagation, likely taking advantage of the Lunar New Year holidays.
Micro Focus Filr Multiple Vulnerabilities (SecureAuth) ...A vulnerability was found in the Micro Focus Filr Appliance, which would allow an attacker with regular user access to read arbitrary files of the filesystem. Furthermore, a vulnerability in the famtd daemon could allow a local attacker to elevate privileges...
Android does not escape from ransomware: the most serious threats and how to avoid them (Symantec) Symantec helps consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. The Symantec Connect community allows customers and users of Symantec to network and learn more about creative and innovative ways to use Symantec products and technologies.
How much does it cost to launch a cyberattack? (CSO Online) Just like in regular business, cyber criminals have a cost of operation and a return on investment to worry about. Unfortunately, a new report from Deloitte has found the cost of committing cyber crime is incredibly low.
Truth is the casualty of America’s political war (Times) Oscars weekend is upon us and there’s the usual excited last-minute jockeying for attention among the Hollywood crowd. This year’s show will once again include solemn intonements to public virtue...
Security Patches, Mitigations, and Software Updates
How cybersecurity firm Forcepoint plans to speed up India growth (Techcircle) Austin, Texas-based cybersecurity solutions provider Forcepoint is betting on its recently launched Next Generation Firewall (NGFW), part of its suite of network security solutions, to boost India revenue, a top company executive told TechCircle.
Hacking that Helps: Kevin Roh’s 120/120 Challenge (Synack) Personal resolutions and challenges crop up frequently at the beginning of a new year. Just like all humans, hackers love to set inspiring resolutions too. It’s cool to see our SRT hackers setting goals to be more active and successful on the Synack platform or even hackers not yet members of the SRT striving to …
CRXcavator: Democratizing Chrome Extension Security (Duo Security) To provide users and IT teams with actionable intelligence about Chrome extensions, Duo Labs is excited to announce the public beta of CRXcavator (rhymes with “excavator”), a free service that analyzes Chrome extensions and produces comprehensive security reports.
Elysium Analytics Launches First Cognitive SIEM (Elysium Analytics) Modern SIEM platform drives critical new SOC intelligence to counter polymorphic, advanced cybersecurity threats SANTA CLARA, CA – 8am ET, 20th February 2019 – Elysium Analytics, the cognitive cybersecurity business incubated by System Soft Technologies, today announced the availability of the industry’s first cognitive security information and event management platform (Cognitive SIEM). The Elysium …
Endpoint Security is Tip of the Spear for DoD’s Cloud Plans (Meritalk) The Department of Defense’s recently released Cloud Strategy covers a lot of territory, from an emphasis on the multibillion dollar Joint Enterprise Defense Initiative as a foundation of its plans, to its description of seven strategic objectives it wants to achieve in the cloud.
Highlights & transcript from Zuckerberg’s 20K-word ethics talk (TechCrunch) Mark Zuckerberg says it might be right for Facebook to let people pay to not see ads, but that it would feel wrong to charge users for extra privacy controls. That’s just one of the fascinating philosophical views the CEO shared during the first of his public talks he’s promised as part…
Students and alumni test cyber skills in Cyber 2.0 challenge (University of North Georgia) Students and alumni from the University of North Georgia (UNG) were among the 58 competitors for a $100,000 prize in the USA Hackers Challenge hosted by UNG and Israeli cybersecurity company Cyber 2.0 on Feb. 14 at Georgia Tech Research Institute (GTRI).
As US pushes to ban Huawei, UK considers softer approach (WSB Radio) Britain can handle the security risks involved with using mobile networks made by China's Huawei, the cybersecurity chief said Wednesday, adding to a growing debate among countries on whether the company should be banned, as the U.S. wants.
Keeping Huawei Hardware Out of the U.S. Is Not Enough to Secure 5G (Lawfare) The Trump administration’s efforts to protect the security of fifth-generation, or 5G, wireless networks by limiting the deployment of Chinese technology both domestically and globally meld trade policy with cybersecurity policy. On both counts, it should not be considered sufficient.
China ditches 2015 cybersecurity pact with US (American Military News) China is not playing nice when it comes to cybersecurity. Analysts have determined that China has thrown out a mutual cybersecurity agreement made with the U.S. in 2015.
The cybersecurity legislation agenda: 5 areas to watch (CSO Online) The 116th Congress is only a few months old, but far-reaching cybersecurity bills to protect infrastructure and the supply chain, ensure election integrity, and build a security workforce are now being considered. Here’s the list.
Partisan Rift Threatens Federal Data-Privacy Efforts (Wall Street Journal) Congress set the stage last year to pass a sweeping consumer data-privacy law in 2019, but prospects for legislation are dimming amid sharpening divides among lawmakers over how far the federal government should go in reining in Big Tech.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...
2019 Air Force Intelligence Community Security Review Board (SRB) (San Antonio, Texas, USA, March 16 - February 19, 2019) The 2019 Air Force (AF) Intelligence Community (IC) Security Review Board (SRB) is set to convene on 16 & 17 April 2019 at the Omni San Antonio Hotel at the Colonnade, San Antonio, TX. This two-day event...
Norwich University CGCS 2019 Cyber Security Summit (Northfield, Vermont, USA, June 18 - 19, 2019) Mid- and executive-level managers seeking to broaden their organizations’ approaches to prudent cyber security practices will gain insight through a series of workshops and discussions on relevant issues...
ACSC 2019: Collaborate (Boston, Massachusetts, USA, November 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in...
Cybersecurity, Privacy & Trust: A Media Perspective (San Francisco, California, United States, February 21, 2019) As cyberattacks escalate and public awareness around data privacy and security risks increases, companies are grappling with how to comply with regulations and restore consumer trust. From rethinking how...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...
G’Day USA US-Australia Dialogue on Cyber Security (San Francisco, California, USA, March 4, 2019) The 2019 G’Day USA US-Australian Dialogue on Cyber Security will be held in San Francisco in the margins of the annual RSA Conference, which attracts more than 45,000 cyber and digital industry leaders.