Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
January 18, 2019.
By the CyberWire staff
Yesterday Troy Hunt announced, to considerable éclat, the discovery of a large trove of credentials for sale in a dark web souk. He calls it "Collection #1." The hood offering the material for sale goes by the nom-de-hack of "Sanixer." KrebsOnSecurity contacted Sanixer and concluded that the material is relatively old, gleaned from various sources, and possibly worth every cent of the $45 Sanixer is charging (which is to say, not so much). 773 million unique email addresses and 21 million unique passwords are lots of credentials, to be sure, but Motherboard is probably right to point out that it's not the devastating blow to Internet users that's been giving some media outlets the yips. Good job by Mr. Hunt and HaveIBeenPwned in finding Collection #1. It should serve as a nudge toward better digital hygiene.
Palo Alto Networks warns that Rocke coinjacking malware is able to disable five Tencent Cloud and Alibaba Cloud security products that would otherwise prevent Rocke from operating in infected systems.
Facebook made another sweep of "coordinated inauthentic sites," pulling down three-hundred-sixty-four Russian pages yesterday. The pages targeted were judged to be not only inauthentic, but also have engaged in information operations. The accounts were linked, Facebook says, to the Russian news agency Sputnik.
Underground Tradecraft links to a proposal that exhibits the convergence of marketing and influence operations, considered as activities, not sectors.
Winner winner chicken dinner: GameDaily reports that Epic Games has patched the Fortnite flaw that exposed some 200 million gamers' data.
Today's edition of the CyberWire reports events affecting Armenia, Australia, Azerbaijan, Canada, China, Estonia, Georgia, Germany, India, Iran, Israel, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Romania, Russia, Saudi Arabia, Tajikistan, United Kingdom, United States, Uzbekistan, and Zimbabwe.
Monday is Dr. Martin Luther King, Jr. Day here in the US, and we'll mark the Federal holiday by taking a day away from publishing. Both the CyberWire's Daily News Briefing and our Daily Podcast will return, as usual, on Tuesday.
Tomorrow marks, officially the third anniversary of the CyberWire Daily Podcast's public launch. You can check out that episode here, for a walk down memory lane. Thanks to all of you for reading and listening.
Bridge the Gap Between Policy & Technology at Georgetown
The Georgetown University Master's in Cybersecurity Risk Management prepares you to navigate today’s increasingly complex cyber threats. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. Join us for a webinar on Tuesday, January 29, at noon ET to explore our program.
Proactive Cybersecurity: Modeling Adversarial Behavior(Online, January 23, 2019) Join LookingGlass Product Manager, Dan Martin, and Security Ledger Editor-in-Chief, Paul Roberts for an introduction to ScoutThreat™, a threat management platform that helps security analysts streamline threat analysis work and extract the maximum value from threat intelligence.
5th Annual Cyber Security Conference for Executives(Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!
Cyber Attacks, Threats, and Vulnerabilities
Tapping Telegram Bots(Forcepoint) At Forcepoint Security Labs we are always looking at the methods threat actors use to circumvent existing protections. One such investigation saw us looking into the usage of the Telegram encrypted messaging service as a Command and Control (C2) infrastructure for malware. Malware that uses Telegram as a C2 channel typically uses the Telegram Bot API for communications. In the course of an investigation into one piece of malware, we discovered a significant flaw in the way Telegram handles messages sent through its Bot API.
The 773 Million Record "Collection #1" Data Breach(Troy Hunt) Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses
773M Password ‘Megabreach’ is Years Old(KrebsOnSecurity) My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum.
Underground Tradecraft(Underground Tradecraft) A proposal outlining , at a high level, an influence campaign and an intelligence collection operation. The content is extremely interesting reading. Moreso when you realize you’re reading a proposal...
Throwback Thursday: Whatever happened to Stuxnet?(Security Boulevard) Whatever happened to Stuxnet? Since it destroyed hundreds of centrifuges at a nuclear enrichment facility in Iran in 2010, the worm’s been quiet—but not idle. Compared to many of its malware colleagues, the Stuxnet worm has had a lot more than the proverbial 15 minutes of fame. With good reason. It was precedent-setting. It was The post Throwback Thursday: Whatever happened to Stuxnet? appeared first on Software Integrity Blog.
Emotet infections and follow-up malware(SANS Internet Storm Center) Three major campaigns using malicious spam (malspam) to distribute malware stopped sending malspam before Christmas--sometime during the week ending on Sunday 2018-12-23.
Amazon Web Services announces AWS Backup(Help Net Security) The AWS Backup service helps customers to automate backups of their data across AWS services and on-premises, and meet business and regulatory requirements.
Watch out: hackers are upping their game(The Royal Gazette) Hackers are upping their game and many organisations are not even aware of serious holes in their own network defences.That is the warning from Hari
WPI Computer Scientist Developing New Technology to “Contain” Hackers’ Attacks(WPI) A computer scientist at Worcester Polytechnic Institute (WPI) is developing a new technology designed to protect companies—and computer users—from damaging and expensive malware attacks. Known as single-use services, the technology is being developed by Craig Shue, associate professor of computer science at WPI, with a three-year, $265,631 grant from the National Science Foundation. It is designed to prevent an attack on a commercial website from compromising other servers, data, and users.
Japan, US vow to cooperate in space, cyber domains, over North Korea(Nikkei Asian Review) Japanese Defense Minister Takeshi Iwaya and U.S. Acting Defense Secretary Patrick Shanahan agreed Wednesday to cooperate in new domains of warfare like outer space and cyberspace in a veiled response to China's quest for military supremacy in such areas.
Social Media In Zimbabwe Now Inaccesible To Those With VPNs As Well(Techzim) Internet access has been restored but it seems the lockdown on social media is still going strong and though earlier you could access the social media sites along with YouTube and WhatsApp if you had a VPN installed it seems that government has taken things further by blocking most VPNs as well which means most …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX Asia 360 2019(Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
CPX Americas 360 2019(Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...
QuBit Conference Belgrade 2019(Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...
National Security Technology Forum and Exposition (NSTFX)(San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.