How can industrial organizations stay ahead of ICS adversaries and proliferating threats?
Dragos has identified that XENOTIME, the activity group behind TRISIS and the most dangerous threat to ICS, has expanded its targeting beyond oil and gas, illustrating a trend that will likely continue for other ICS-targeting adversaries. Learn more about how taking an intelligence-driven approach to ICS cybersecurity can help organizations stay ahead of the latest threats to ICS environments.
July 3, 2019.
By the CyberWire staff
US Cyber Command warned that CVE-2017-11774, a Microsoft Office Outlook security bypass vulnerability publicly identified in 2017, is being actively exploited in the wild. The Command posted samples to VirusTotal, which researchers at Chronicle have checked and associated with exploitation of this vulnerability in 2018 by Iran's APT33 and Shamoon2. Users who haven't yet patched are encouraged to do so. The warning comes during a period of heightened US-Iranian tension.
Airline pilots say they've experienced weeks of GPS disruption around Tel Aviv. C4ISRNET reports that Russian jamming is suspected.
Chatham House has published a study of NATO space-based strategic systems' vulnerability to cyberattack.
Cloudflare experienced a widespread outage yesterday morning that affected Internet service worldwide with 502 errors. Cloudflare's CEO Matthew Prince tweeted that a "[m]assive spike in CPU usage caused primary and backup systems to fall over," and that the issue has since been remediated. The company attributed the outage to "a bad software deploy," and says the problem lasted about thirty minutes.
Proofpoint says TA505, the gang known for distributing Locky ransomware and the Dridex banking Trojan, is using a new downloader, "AndroMut," that bears code similarities to the Andromeda malware family. AndroMut distributes the FlawedAmmyy remote access Trojan in at least two campaigns: one targeting South Korean users, the other aimed at Singapore, the UAE, and the US. Both campaigns use malicious Microsoft Office files as their infection vector, and both are interested in the banking sector.
Bloomberg reports that Broadcom is in "advanced talks" to acquire Symantec.
Today's issue includes events affecting Australia, China, Ghana, Iran, Ireland, Israel, Libya, NATO/OTAN, Netherlands, Singapore, South Korea, United Arab Emirates, United Kingdom, United States.
Bring your own context.
The people attackers are out to compromise may not be those you think.
"We do see a lot of organizations assuming that those VIPs or the very visible C-level executives - that these are the people that cyberattackers are going to go after. And certainly they are. However, we see attackers looking up and down org charts to find their points of compromise. It's important to really know how your organization specifically is being attacked."
—Gretel Egan, security awareness and training strategist at Proofpoint, on the CyberWire Daily Podcast, 7.1.19.
If you're trying to rummage through an organization's secrets, it's sometimes better to get to the people who empty the bosses' wastebaskets than it is to get to the bosses themselves.
And a pre-holiday reminder to our readers: the CyberWire won't publish or podcast on July 4th, 5th, or 6th. We'll be observing Independence Day. Enjoy the Fourth (as will we). We'll be back on Monday, July 8th, with our usual Briefings and Podcasts.
Are you centralizing all security-related data from across the business?
Is there a challenge with your security data you haven’t been able to wrangle? Devo enabled one of their customers – a top five US retail manufacturer – to move fast enough to outpace malicious bots by reducing query time from 5 hours to 5 minutes. That was something they couldn’t do with anyone else.
Cyber Security Summits: DC on July 16 and in Chicago on August 27(Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.
RSA Conference 2019 Asia Pacific & Japan(Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
A Cloudflare outage is impacting sites everywhere(TechCrunch) If you’ve been experiencing “502 Bad Gateway” notices all morning, for better or worse, you’re not alone. Cloudflare has been experiencing some major outages this morning, leaving many sites reeling in its wake. In fact, the company’s System Status page, which collects…
Cloudflare outage caused by bad software deploy (updated)(The Cloudflare Blog) Starting at 1342 UTC today we experienced a global outage across our network that resulted in visitors to Cloudflare-proxied domains being shown 502 errors (“Bad Gateway”). The cause of this outage was deployment of a single misconfigured rule within the Cloudflare Web Application Firewall (WAF)
An Analysis of Arlo(Tenable TechBlog) Netgear Arlo is one of the most popular IoT camera vendors out there.
Security flaws in a popular smart home hub let hackers unlock front doors(TechCrunch) When is a smart home not so smart? When it can be hacked. That’s exactly what security researchers Chase Dardaman and Jason Wheeler did with one of the Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when …
Schneider Electric Modicon Controllers(CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon Controllers. Vulnerability: Improper Check for Unusual or Exceptional Conditions. 2. RISK EVALUATION: Successful exploitation of this vulnerability could result in a denial-of-service condition.
Quest KACE Systems Management Appliance(CISA) 1. EXECUTIVE SUMMARY: CVSS v3 2.7. ATTENTION: Exploitable remotely/low skill level to exploit. Equipment: KACE Systems Management Appliance (SMA). Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an administrative user unintentional access to the underlying operating system of the device.
US election security official highlights email threat(Washington Post) An election security official with the U.S. Department of Homeland Security has warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers
Raytheon United Technologies merger(Military & Aerospace Electronics) Speculation merger may not happen, President worries it could cut competition, Air Force calls it a security concern, and investors question its logic.
The company you keep(SC Media) A new take on the old adage “you’re known by the company you keep,” might aptly apply to women in security who’ve found success, progress and
5 Years of Fighting DDoS with the Power of Akamai(Akamai) Earlier this year, Akamai celebrated the fifth anniversary of the Prolexic acquisition. The merger was officially completed in February of 2014, and a lot has happened since then. In this post, we want to spend a moment reflecting on the last five years and look at what's ahead.
Unisys Stealth Integrates With Dell EMC Cyber Recovery Software(PAGEONE) Global IT company Unisys has integrated its award-winning software security system Unisys Stealth with Dell EMC Cyber Recovery software for improved cyber resilience and business continuity. This will allow quicker and more secure cyber recovery
What businesses can learn from a classic movie(nCipher Security) They say that if you haven’t got your health, you haven’t got anything. At least that’s what Christopher Guest said in his role as Count Tyrone Rugen in the movie The Princess Bride.
How cyber security can tackle cyber bullying(The New Paper) Access to online learning exposes students to a wealth of information. However, it can also expose them to the darker side of the Internet. Cyber bullies use Internet-based platforms to torment others, even when attending school. And cyber bullying is a serious political,...
Addressing Sensational Health Claims(Facebook Newsroom) In order to help people get accurate health information and the support they need, it’s imperative that we minimize health content that is sensational or misleading.
New law brings big change to IRS in IT, cyber(FCW) A new law will implement a raft of technology and cybersecurity reforms at the IRS while also restoring hiring authorities that officials say are key to attracting qualified IT talent.
Litigation, Investigation, and Law Enforcement
Transnational Organized Crime and National Security: Hezbollah, Hackers and Corruption(Lawfare) Hezbollah has adapted to the American crackdown on its money laundering operations by bringing in new front-men and shell companies. In the U.S., municipalities across the country have suffered ransomware attacks. And, new corruption investigations demonstrate the vulnerability of Central and South American governments to drug cartels.
Kamala Harris campaign lawyer hired Fusion GPS for Hillary Clinton(Washington Examiner) The former top lawyer for Hillary Clinton’s failed presidential campaign who hired Fusion GPS to carry out controversial opposition research against then-candidate Donald Trump in 2016 is now working for a top 2020 Democratic presidential hopeful.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Smoky Mountain Bigfoot Conference(Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
INTERPOL World 2019(Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
Minneapolis Cybersecurity Conference(Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Program Development - Management Training Course(Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference(Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.