Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
January 30, 2019.
By the CyberWire staff
A new report by FireEye on Iran's APT39 discerns a disturbing new interest of the Islamic Republic's hacking unit: it's going after personally identifiable information. This is said to be unusual for Iranian state-directed actors, who've hitherto concentrated on other objectives, like trade secrets, state secrets, and access to infrastructure.
Reuters reports on a UAE program to intercept iPhone traffic.
US Intelligence Community leaders yesterday testified before the Senate about the threat landscape. Cyber threats figured prominently, the Washington Post says. Russia, China, Iran, and North Korea were specifically singled out as aggressive and dangerous, and as having significantly increased their cyber capabilities. Criminal or terrorist activity in cyberspace is a less serious problem, although the testimony did note growing systematic and opportunistic collaboration between nation-states and criminal groups.
Last week Cisco issued patches for its Small Business RV320 and RV325 dual gigabit WAN VPN routers. Attackers are currently scanning actively for unpatched routers, SC Magazine reports. Exploit code has been published, and users should patch.
Huawei's indictment in the US could prove crippling, WIRED reports, if it results in loss of access to US technology.
The FaceTime bug (which as CNN and others note was discovered by a fourteen-year-old gamer and disclosed to Apple by his mom) is now the subject of a lawsuit. Ars Technica reports that a Texas attorney is suing Apple because the bug allowed a deposition to be recorded. The plaintiff says he updated his phone to allow "group Facetime calls but not unsolicited eavesdropping."
Experiencing poor performance with your legacy antivirus? Try CB Defense.
Does your legacy antivirus slow down end user endpoints? Try Carbon Black's lightweight, next-generation antivirus + endpoint detection and response solution in your environment for free!
Compare CB Defense to your current solution using real-world scenarios, and see how operations transform across your security and IT teams. After you've finished your 15-day trial, you'll have everything you need to build a business case and make the switch. Gain superior protection, simplified operations, and actionable visibility today.
DreamPort Event: The Red Hat Ansible Tower Workshop(Columbia, Maryland, United States, February 7, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting the Red Hat Ansible Tower Workshop. This workshop will enable you to create playbooks, while building in security. Automation features will save time, empower junior staff, offload senior staff and automate your most tedious tasks!
Cyber Job Fair, Feb 13, San Antonio(San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.
CYBERTACOS RSA(San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Iran's Cyber Spies Looking to Get Personal (VOA) New reports from cybersecurity firm FireEye, and others, indicate Tehran is swallowing up PII - personally identifiable information – to gain leverage in future operations
Data management giant Rubrik leaked a massive database of client data(TechCrunch) A server security lapse has exposed a massive database of customer information belonging to Rubrik, an IT security and cloud data management giant. The company pulled the server offline Tuesday within an hour of TechCrunch alerting the company, after the data was found by security researcher Oliver…
Facebook pays teens to install VPN that spies on them(TechCrunch) Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed i…
Bashe attack(Lloyd's) Assessing the impacts of a global ransomware attack
Cyber Security Impact Analysis of US Government Shutdown(SecurityScorecard) SecurityScorecard developed this report to outline observable changes within the external security postures of US federal government entities during the period throughout the US Government Shutdown of 2018 - 2019.
Hackers Target SMBs That Support US Power Grid | Avast(Security Boulevard) Supply chain attacks may not be new, but they are evolving, thanks to smarter malware and more insidious tactics. Today’s reality is that there is a mounting magnitude of supply chain cyberattacks that are taking down small businesses, large enterprises, and even utilities as massive and critical as the US power grid.
City of Akron’s 311, email still affected by last week’s cyber attack(Fox8.com) The city of Akron is still dealing with the effects of last week's cyber attack. City officials learned of an unsuccessful attempt to access city funds on Tuesday. There is no evidence to suggest the personal information of taxpayers or residents was compromised. The FBI, the Ohio State Highway Patrol and the National Guard aided in the investigation.
Security Patches, Mitigations, and Software Updates
Apple Working on Patch to Prevent FaceTime Spying(SecurityWeek) Apple is working on a patch for a FaceTime vulnerability that can be exploited to spy on people. The attack involves a FaceTime call to the targeted user, but the victim doesn’t have to pick up.
The History of Fake News(The National Interest) Why can’t America reliably separate out fact, falsehood, opinion and reasoned analysis?
5G is Coming - Where's IoT Security?(Acreto IoT Security) 5G is a game-changer. The highly decentralized 4G/LTE networks cannot support IoT and connected device platforms. A whole new security model is essential.
Pentagon Security: Combating the Cybersecurity Skills Shortage(Bugcrowd) The Defense Digital Service’s mission to “drive a giant leap forward in the way the Department of Defense builds and deploys technology and digital services” is something we can all get behind. As citizens we commend the work they have done as well as their plans to expand on these efforts — we are thrilled
Huawei: how the telecoms giant is seen around the world(Phys.org) US charges against Chinese telecoms giant Huawei have cranked up tensions between the world's two biggest economies, but the company is already facing obstructions around the world over alleged cyber-security risks.
Israeli co Salt Security raises $10m(Globes) Salt Security will use the funding to increase R&D for its core platform and add support for new use cases and broader requirements in response to growing customer demand.
Thales, Centech team to support AI start ups(Jane's 360) Thales and Canadian company Centech have formed a strategic partnership dubbed AI@Centech to support start-ups developing artificial intelligence (AI) technologies.
These companies will benefit from Thales’ technology experience and business know- how, which will be applied to the concepts
Blockchain 101: A General Counsel's Guide(Forbes) Most financial institutions rely on complex infrastructures and lengthy processes to settle trades, send money abroad, reconcile records and secure transactions. But that could all change as blockchain revolutionizes the financial services sector and the legal teams that work within it. As its name implies, blockchain is a series of connected [...]
Passwords in a file(Security Boulevard) My dad is on some sort of committee for his local home owners association. He asked about saving all the passwords in a file stored on Microsoft's cloud OneDrive, along with policy/procedures for the association.
The Cybersecurity Workforce Gap(CSIS) As cyber threats continue to grow in sophistication, organizations face a persistent challenge in recruiting skilled cybersecurity professionals capable of protecting their systems against the threat of malicious actors.
First results of the EU Code of Practice against disinformation(Digital Single Market - European Commission) Online platforms have submitted a first implementation report setting out the state of play of the measures taken by each of them to comply with their commitments under the Code of Practice on Disinformation. The Commission welcomes these actions but calls on online platforms to intensify their efforts in the run up to the 2019 European elections.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX Americas 360 2019(Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...
QuBit Conference Belgrade 2019(Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...
National Security Technology Forum and Exposition (NSTFX)(San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...
3rd Next Generation Cyber Security for Utilities(Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.