January 10, 2019.
By the CyberWire staff
Proofpoint researchers describe two hitherto undocumented strains of malware, ServHelper (a backdoor) and FlawedGrace (a remote access Trojan) now being used in the wild by TA505.
WIRED has an account of how ISIS is turning from social networks to chat apps.
Reddit, which locked down a large number of accounts over security suspicions aroused by unusual activity in those accounts, is systematically restoring users' access.
The "shelf life, three weeks" tweets said to have aroused such suspicion at NSA in 2016 were apparently turned over to NSA by Kaspersky, say anonymous sources not authorized to discuss what they know. The tweet was addressed to "Yevgeni," presumably Eugene Kaspersky himself, by @HAL999999999, as Ars Technica reports. Thus it was Kaspersky, the Washington Post notes, and not US counterintelligence officers, who first twigged to the possibility that someone may have been getting ready to leak classified information, and that warning is being connected to Hal Martin's arrest.
Two points are worth making. First, Mr. Martin, who's entitled to the presumption of innocence, is charged with mishandling and unlawful retention of classified material, not with passing it to anyone. So the ShadowBrokers' leaks that soon followed the tweets may be coincidental (if one believes in such things). Second, as interesting as we find reading and writing about this developing story, the fact that anonymous sources not authorized to speak are speaking as much as they are suggests that US Federal insider threat programs remain more loosey-goosey than the Intelligence Community would probably hope.
And Hacking Humans is up. This episode, "Trained humans are your strongest link," features a warning about scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day outlines an attempted email scam targeting an architectural firm. Carole Theriault is back with the second part of her interview with the pen tester who goes by the name freaky clown.
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
New Side-Channel Attack Targets OS Page Cache (SecurityWeek) Researchers who disclosed Meltdown, Spectre and other similar attacks are now back with a new type of side-channel attack, one that is hardware agnostic and targets the operating system page cache.
Web Vulnerabilities Up, IoT Flaws Down (Dark Reading) The number of flaws found in WordPress and its associated plugins has tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.
The State of Web Application Vulnerabilities in 2018 (Imperva) This blog provides an analysis of all web application vulnerabilities throughout the year, views trends, and notes significant changes in the security landscape. This look back at 2018 helps readers to understand the changes and trends in web application security over the past year.
WordPress-Related Vulnerabilities Tripled in 2018 (BleepingComputer) WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites.
Rohde & Schwarz Unveils New DPI Features for vEPC (Fast Mode) ipoque, a Rohde & Schwarz company providing market-leading deep packet inspection (DPI) software, announced new R&S PACE 2 capabilities for the virtualized evolved packet core (vEPC) market.
Xerox enhances AltaLink Workplace Assistants (Help Net Security) New software enhancements to these Workplace Assistants allow companies to monitor critical security settings and automatically reset unauthorized changes.
Deception for proactive defense (Help Net Security) This article is fourth in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks.
SingHealth COI makes 16 recommendations to strengthen cyber defence (The New Paper) A senior manager at Integrated Health Information Systems (IHiS) did not report the cyber attack as he feared added pressure and more work. With no clarity on how such incidents should be reported, a junior staff member who discovered the breach left it to her direct...
Hal Martin's defense says prosecutors have yet to provide essential evidence (CyberScoop) Attorneys for Harold T. Martin III, the former U.S. National Security Agency contractor accused of perhaps the largest theft of government secrets in American history, said in a court filing that government prosecutors have not allowed access to evidence necessary to mount a sufficient defense.
Lieberman's ZTE Work Makes Him a Foreign Agent: Complaint (Bloomberg) Former Senator Joe Lieberman should register as a foreign agent for his work on behalf of embattled Chinese telecommunications company ZTE Corp., according to a complaint filed with the Justice Department today by the Campaign Legal Center.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
PCI Security Standards Council 2019 India Forum (New Delhi, India, March 13, 2019) You’re invited to a day of networking opportunities and educational sessions as the PCI Security Standards Council holds its first ever India Forum in New Delhi, India. You won’t want to miss our engaging...
InfoSec World 2019 (Lake Buena Vista, Florida, USA, April 1 - 3, 2019) Cybersecurity has come a long way in 25 years, and InfoSec World has been there through it all. That's right, InfoSec World 2019 Conference & Expo is returning to Disney's Contemporary Resort on April...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...
QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...