Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
January 29, 2019.
By the CyberWire staff
A FaceTime bug was disclosed early this morning. 9to5Mac reports that you can call someone using FaceTime and start hearing audio from their phone before they even pick up. The problem seems to affect iOS devices running iOS 12.1 or later. Apple has made the Group FaceTime server (where the bug is located) temporarily unavailable until Cupertino comes up with a permanent fix.
Deep Instinct announced this morning that a new variant of information-stealing FormBook is circulating in the wild. FormBook is now using DropMyBin, which Deep Instinct describes as a "malware-friendly" hosting service appearing in various criminal markets. The service appears to be operated at least in part from Russia, probably by Russian cybercriminals.
xDedic, the online marketplace that traded in hacked servers, has been taken down, ZDNet reports. The FBI announced that the illicit service's site had been seized pursuant to a US Federal warrant. The takedown was an international operation featuring substantial European support and cooperation. XDedic's infrastructure had been located mostly in Belgium and Ukraine. Cyberpolice Ukraine tweeted that they have three suspects in custody.
Europol is pursuing users of booter services, TechCrunch reports. The DDoS-for-hire service Webstressor having been taken down, the authorities are now tackling the demand side of this criminal market.
The US has filed more charges against Huawei: thirteen counts, the New York Law Journal says, involving fraud and money-laundering.
North Korea's Kim has announced ambitious financial goals, and CyberScoop says observers think them likely to prompt a surge in DPRK hacking.
Today's edition of the CyberWire reports events affecting Belgium, Canada, China, European Union, Germany, Iran, Ireland, Democratic Peoples Republic of Korea, Poland, Russia, Ukraine, United Kingdom, United States.
Experiencing poor performance with your legacy antivirus? Try CB Defense.
Does your legacy antivirus slow down end user endpoints? Try Carbon Black's lightweight, next-generation antivirus + endpoint detection and response solution in your environment for free!
Compare CB Defense to your current solution using real-world scenarios, and see how operations transform across your security and IT teams. After you've finished your 15-day trial, you'll have everything you need to build a business case and make the switch. Gain superior protection, simplified operations, and actionable visibility today.
DreamPort Event: The Red Hat Ansible Tower Workshop(Columbia, Maryland, United States, February 7, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting the Red Hat Ansible Tower Workshop. This workshop will enable you to create playbooks, while building in security. Automation features will save time, empower junior staff, offload senior staff and automate your most tedious tasks!
Cyber Job Fair, Feb 13, San Antonio(San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.
CYBERTACOS RSA(San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Apple Bug Enables Eavesdropping on FaceTime Users(Wall Street Journal) Apple scrambled to fix a bug in its FaceTime video-chat system that lets callers eavesdrop on users of iPhones, iPads, and Macs, an embarrassing setback for a company that has touted its commitment to privacy.
France's Altran Tech says it was hit by cyber attack(CNBC) Jan 28- French engineering consulting firm Altran Technologies was the target of a cyber attack on Thursday that hit operations in some European countries, it said. Altran said on Monday it had shut down its IT network and applications and a recovery plan was under way. Britain's National Cyber Security Centre announced on Friday it was investigating a...
Industry Reactions to Data Privacy Day(SecurityWeek) Industry professionals comment on Data Privacy Day, the international holiday whose goal is to raise awareness and promote privacy and data protection best practices.
IARPA announces Proposers’ Day for SAILS, TrojAI(Intelligence Community News) On January 25, the Intelligence Advanced Research Projects Activity announced a Proposers’ Day Conference for the Secure, Assured, Intelligent Learning Systems (SAILS) and Trojans in Artificial Int…
CIS launches new free self-assessment tool for the CIS controls(CIS) Free Web Application Tracks and Prioritizes Implementation East Greenbush, N.Y., January 28, 2019 CIS® (Center for Internet Security, Inc.®) today announced the launch of the CIS Controls® Self-Assessment Tool, or CIS CSAT, to enable security leaders to track and prioritize their implementation of the CIS Controls. “CIS CSAT helps organizations regardless of size or resources, …
Where To Begin With MITRE ATT&CK Matrix(SecurityWeek) Cybersecurity teams frequently use the MITRE ATT&CK matrix as a framework to show where the organization has good visibility protections, and where identified weaknesses can be addressed.
xDedic Marketplace Shut Down in International Operation(Europol) On 24 January, the U.S. Prosecutor’s Office for the Middle District of Florida, the FBI and the Internal Revenue Service (IRS) of Tampa (Florida), the Federal Computer Crime Unit (FCCU), the Federal Prosecutor’s Office and the Investigating Judge of Belgium, as well as the Ukrainian National Cyber Police and Prosecutor General’s office of Ukraine, with the support of the Bundeskriminalamt of Germany and Europol seized the xDedic Marketplace.
After seizing a major DDoS-for-hire site, Europol goes after its users(TechCrunch) Last year, Europol and its many law enforcement partners took down and seized webstresser.org, one of the most notorious “booter” sites for launching distributed denial-of-service (DDoS) attacks, which was claimed to have launched millions of attacks. But the coalition of feds isn’…
Appeals court to hear case of reporter alleging surveillance(Washington Post) A federal appeals court is set to hear arguments in a lawsuit filed by a former CBS News reporter alleging that Obama administration officials violated her constitutional rights by hacking into her computers and other electronic devices
Webcam Hacker Luis Mijangos(GQ) Every online scam begins more or less the same—a random e-mail, a sketchy attachment. But every so often, a new type of hacker comes along. Someone who rewrites the rules, not just the code. He secretly burrows his way into your hard drive, then into your life. Is he following your every move?
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security X Chicago(Chicago, Illinois, USA, September 25 - 26, 2019) Cyber Security X Chicago is part of the fastest growing cyber security event series, providing events that uniquely cover the entire security landscape. The event will offer invaluable security insight...
Cyber Security X Atlanta(Atlanta, Georgia, USA, November 20 - 21, 2019) Cyber Security X Atlanta is part of the fastest growing cyber security event series, providing events that uniquely cover the entire security landscape. The event will offer invaluable security insight...
CPX Americas 360 2019(Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...
QuBit Conference Belgrade 2019(Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...
National Security Technology Forum and Exposition (NSTFX)(San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...
3rd Next Generation Cyber Security for Utilities(Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.