February 27, 2019.
By the CyberWire staff
The Washington Post reports that US Cyber Command disrupted Russia's Internet Research Agency's networks on the day of the US midterm elections and for a short period afterwards, to prevent Russian trolls from causing trouble. Security expert Thomas Rid believes that "such an operation would be more of a pinprick" than a long-term deterrent, but some defense officials said that “grand strategic deterrence” wasn't the objective here. One official told the Post that "part of our objective is to throw a little curveball, inject a little friction, sow confusion."
Ukrainian President Petro Poroshenko accused Russia of launching DDoS attacks against Ukraine's Central Election Commission on February 24th and 25th, CyberScoop reports.
ESTsecurity came across a spearphishing document last week that poses as an invitation from the “Korea-U.S. Friendship Society” to a meeting in Seoul regarding the Trump-Kim summit. The company says the malware delivered is associated with North Korean hackers. CrowdStrike's vice president of intelligence Adam Meyers told CyberScoop that the company has observed the same document lure being used by a suspected North Korean threat actor it calls "Velvet Chollima."
Trustwave discovered that the website for the Bangladeshi Embassy in Cairo was infected with a coinminer in October, and recently began distributing cryptomining malware to visitors via malicious Word documents. The site is still compromised, so steer clear. The researchers don't believe a nation-state is behind the activity, due to its lack of sophistication, but they say it serves as a reminder that even low-skilled attackers can compromise important government sites.
Today's edition of the CyberWire reports events affecting Australia, Bangladesh, Brazil, China, Democratic People's Republic of Korea, Egypt, European Union, India, Indonesia, Russia, Singapore, Spain, Switzerland, Turkey, Ukraine, United Kingdom, United States.
CYBERTACOS RSA (San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.
Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”
Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!
Cyber Attacks, Threats, and Vulnerabilities
Cyber-Espionage Group Customizes Old, Public Tools (BleepingComputer) A cyber-espionage threat actor believed to operate from China relies for its activities on publicly available tools; the source code for some of them has been released as early as 2007.
Cryptojacking Targets Education (Campus Technology) Malicious cryptomining or cryptojacking, as it's called, describes the theft of computer processing resources — electricity, cloud services and other digital assets — that are then exploited to do cryptocurrency mining without the owner's permission or knowledge.
A Peek into BRONZE UNION’s Toolbox (SecureWorks) Secureworks Counter Threat Unit researchers identified evidence of BRONZE UNION leveraging tools that have been publicly available for years. However, the variants used in 2018 included updated code.
Most Singapore employees using unapproved apps for work (ZDNet) To get work done, 95 percent of employees in the country acknowledge using applications not sanctioned for use in the office and while 98 percent of businesses have kicked off their digital transformation plans, just 18 percent have reached maturity.
Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution (TrendLabs Security Intelligence Blog) The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in their core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations, since it impacts the widely installed RESTful Web Services (rest) module.
New Attack Runs Code After Closing Browser Tab (SecurityWeek) Security researchers have discovered that websites can abuse modern browser APIs to persistently abuse browser resources for nefarious operations even after their tabs or windows have been closed.
‘Deep fake’ videos threaten the world order (The Times) Political convulsions are visible everywhere in the western democratic world. On both left and right, debate has become increasingly febrile and ideological. Non-consensus is the new normal, and...
Security Patches, Mitigations, and Software Updates
2019 State of IT Security Survey Takeaways (Bricata) A survey of readers by the trade publication eSecurity Planet found businesses plan to boost cybersecurity spending and identified specific areas of confidence and doubt around defenses.
Cyberthreat Index for Business (AppRiver) The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with University of West Florida Center for Cybersecurity, using survey data collected online in January of 2019.
SSL-based Threats | Security Report (Zscaler) The SSL traffic and threats report by ThreatLabZ showcases the prevalent SSL-based threats that are targeting companies. Download the report to learn more.
More Than 22,000 Vulnerabilities Disclosed In 2018 (Risk Based Security) Risk Based Security today announced the publication of its 2018 Year End Vulnerability QuickView Report, showing over 22,000 new vulnerabilities were disclosed during the year. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row.
Why Not Always Multi-Factor Authentication? (SecurityWeek) According to a survey of 2,600 IT professionals conducted by security awareness training firm KnowBe4, only 38 percent of large companies use multi-factor authentication (MFA) while a whopping 62 percent of small to midsize companies don’t.
KnowBe4 Expands into Brazil with the Acquisition of El Pescador (Florida Trend) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing, announced it has entered the Brazilian market by purchasing El Pescador, a company previously owned by Tempest – a national cybersecurity leader.
GlobalSign, Microsoft join forces to strengthen mobile security (DataCentreNews) Identity and security solutions GMO GlobalSign announced it has joined the Microsoft Intelligent Security Association, a collaborative initiative to help organisations worldwide defend against increasingly sophisticated, fast-moving threats.
IDFC Parampara backs cybersecurity firm CloudSEK (VCCircle) CloudSEK Info Security Pvt. Ltd, which develops software-as-a-service (SaaS) information security risk management solutions, said it has raised Rs 3.5 crore ($490,000 at current exchange rate) in a fresh funding round from IDFC Parampara Early Stage Opportunities Fund.
Facebook will introduce 'clear history' tool this year: CFO (Reuters) Facebook Inc will introduce a tool allowing users to clear their browsing history this year, which will affect the company’s ability to target advertisements, Chief Financial Officer David Wehner told an investment conference on Tuesday.
SecurityScorecard Releases Atlas™ Questionnaire Platform (SecurityScorecard) SecurityScorecard announces availability of Atlas, a questionnaire and evidence exchange platform that enables enterprises to easily manage, complete, and analyze cybersecurity questionnaires and evidence-based internal security controls at scale
Jazz Networks wins USCYBERCOM competition (Intelligence Community News) Jazz Networks of New York, NY announced on February 25 that it placed first in a competition to detect insider threat attacks in real-time during a simulated U.S. Cyber Command battlefield.
California AG Wants to Add Teeth to State Data Privacy Law (Government Technology) Legislation passed over the summer gives consumers in the state more insight into what companies do with their data, but Attorney General Xavier Becerra wants to be able to go after companies that do not comply.
U.S. consumer regulator forms task force to monitor big tech (Reuters) The Federal Trade Commission, under pressure to keep closer tabs on big tech companies such as Alphabet’s Google and Facebook, said on Tuesday it would create a task force to monitor the sector and investigate anticompetitive conduct.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...
G’Day USA US-Australia Dialogue on Cyber Security (San Francisco, California, USA, March 4, 2019) The 2019 G’Day USA US-Australian Dialogue on Cyber Security will be held in San Francisco in the margins of the annual RSA Conference, which attracts more than 45,000 cyber and digital industry leaders.
RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...