January 2, 2019.
By the CyberWire staff
Over the weekend, print operations at several major US newspapers were disrupted by a cyberattack. Saturday editions of the San Diego Union Tribune, the Baltimore Sun, the Chicago Tribune, the New York Times, the Wall Street Journal, the Los Angeles Times and other papers saw their editions delayed as the attacks on print plants affected production (New York Times). The attack, which is believed to have involved a variant of Ryuk ransomware, targeted Tribune Publishing, but not all of the affected papers were Tribune properties. A number of them, including the New York Times and the Wall Street Journal, contract to use Tribune printing services. Production resumed through reversion to various workarounds.
Attribution remains murky, but the Los Angeles Times reports that the attack is believed to have originated outside the United States. Neither Tribune Publishing nor the affected papers have reported receiving ransom demands, but the incident seems consistent with a ransomware attack. KnowBe4 and Check Point have pointed out circumstantial similarities between this attack and operations of the North Korean government (Ryuk being a descendant of Hermes, which has been attributed to the Lazarus Group). CrowdStrike thinks Eastern European criminals the probable culprits, and that those gangs may have used Trickbot in their attack (PC Magazine).
Rapid7 reports finding hard-coded credentials in Guardzilla home-surveillance video systems.
Alleged NSA leaker Hal Martin succeeded in having incriminating statements he made during a 2016 FBI raid on his house suppressed: he wasn't Mirandized. But physical evidence the Bureau collected is still admissible.
And Recorded Future has also resumed its podcasts, which are produced in cooperation with the CyberWire. In the current episode, "Pioneering proactive approaches to power protection," Andrew Kling, senior director of cybersecurity at Schneider Electric, shares his professional journey and stresses the importance of threat intelligence.
Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
Origin Of Newspaper Cyber-Attack Still Unclear (CBS Sacramento) The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.
Stop the Presses: Don't Rush Tribune Ransomware Attribution (BankInfo Security) Don't rush to blame the printing outage at newspapers owned by Tribune Publishing on anything more than an organization failing to block a malware outbreak. And even if it does prove to be a Ryuk ransomware attack, there's no proof yet that any particular nation state is behind the campaign, experts warn.
How Hackers Stole $1B From Cryptocurrency Exchanges In 2018 (Forbes) The cryptocurrency year has been one of ups and downs, especially where exchange rates are concerned. Sadly, one area that has remained buoyant is crypto theft. So, who were the hackers that stole $1 billion and how did they do it?
New Ransomware possibly criakl version (My Online Security) It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun, but if it is criakl, then it is a new version. Criakl was around in 2014…
Netflix phishing scam: Don’t take the bait (Consumer Information) Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords.
Security Patches, Mitigations, and Software Updates
Why it’s Time to Switch from Facebook Login to a Password Manager (Trend Micro Simply Security) Social media sites are increasingly the focus of our digital lives. Not only do we share, interact and post on platforms like Facebook—we also use these sites to quickly log into our favorite apps and websites. But what happens when these social media gatekeepers are hacked? Awhile back, Facebook suffered a major attack when...
This clever AI hid data from its creators to cheat at its appointed task (TechCrunch) Depending on how paranoid you are, this research from Stanford and Google will be either terrifying or fascinating. A machine learning agent intended to transform aerial images into street maps and back was found to be cheating by hiding information it would need later in "a nearly imperceptible, h…
FCC will suspend most operations on Thursday if the shutdown continues (TechCrunch) The Federal Communications Commission said on Monday that it will need to suspend most of its operations by the middle of Thursday if the partial government shutdown continues. The FCC will continue “work required for the protection of life and property,” as well as work related to spectrum auction…
UNITED STATES Plaintiff, v. HAROLD T. MARTIN, III, Defendant. (US District Court for the District of Maryland (via Politico)) On February 8, 2017, the Grand Jury returned an Indictment against Harold T. Martin, III, charging him with twenty counts of Willful Retention of National Defense Information in violation of 18 U.S.C. § 793(e).
FBI Botched Interrogation of Former NSA Contractor Accused of Stealing Secrets (Gizmodo) In the case of a former National Security Agency (NSA) contractor accused of stealing a huge cache of classified documents, a federal judge this month agreed to toss out statements made by the contractor, Harold “Hal” Martin, on the basis that FBI agents failed to Mirandize him properly during four-hour interrogation, even though the suspect was not under arrest at the time.
Thomas Rid on Twitter (Twitter) “CORRECTION: my post from earlier today erroneously linked Hal Martin to the Shadowbrokers. The redacted sections refer to another entity. H/t to an unnamed source and @emptywheel
Caution also with this story:
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...
QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...