Visit LookingGlass Cyber Solutions at BlackHat USA 2019
There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, it's “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.
July 8, 2019.
By the CyberWire staff
Anomali has described a Microsoft Office exploit "supply chain" being shared among at least five Chinese groups: Conimes, KeyBoy, Emissary Panda, Rancor, and Temp[dot]Trident. Specifically, they're all working the "Royal Road Rich Text Format (RTF) weaponizer," and using it to exploit CVE-2017-11882 and CVE-2018-0802.
Sodinokibi ransomware is using a Windows privilege-escalation bug, CVE-2018-8453, to gain admin access in its targets. As ZDNet notes, it's relatively unusual for ransomware to exploit a privilege-escalation vulnerability. But what's not unusual is this: the bug, patched in October 2018, moved from state exploitation to criminal exploitation. It came to light as a zero-day exploited by FruityArmor, a state-directed espionage crew active mostly against Middle Eastern targets.
BleepingComputer reports that the Silence gang was behind recent robberies of Bangladeshi banks. The gang's two core members are apparently Russian-speakers believed to be white hats gone rogue. Their crimes involve jackpotting by money mules.
Google's Project Zero has confirmed that under certain circumstances a malformed message can brick an iPhone. An affected device can be recovered, Forbes reports, but at the cost of losing data.
Forensic lab Eurofins is paying the extortionists who hit it with ransomware. The BBC says the amount is unknown but large; the Times puts it at "hundreds of thousands of pounds."
Hal Martin, the former NSA contractor convicted of unlawful retention of defense information, will have his sentencing hearing on July 17th. The Washington Post observes that his widely suspected connection, if any, to the ShadowBrokers leaks remains as obscure as ever.
Today's issue includes events affecting Australia, Bangladesh, China, European Union, Hong Kong, Iran, Ireland, Kenya, Russia, Ukraine, United Kingdom, United States.
Bring your own context.
Not all criminal hacking is done for direct, Willie-Suttonesque reasons (that is, going where the money is). An indirect approach is often better in the long run.
"But if you consider, for example, a bank—a bank has a fairly large security budget. A marketing company, on the other hand, does not. It might be easier hacking a marketing tool or an analytics tool or a chat service than hacking a bank. But once you've hacked those, you've actually hacked the entirety of their users. Instead of spending your time hacking a bank, going through a big effort, you can hack a marketing tool that works with banks, and hack twenty banks with less effort, which will be, obviously, much more lucrative."
—Avital Grushcovski, co-founder of Source Defense, on the CyberWire Daily Podcast, 7.3.19.
Sometimes you go through the soft target as a means of getting to the hard target.
Modernizing security analytics and operations with SOAPA.
Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.
It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.
Cyber Security Summits: DC on July 16 and in Chicago on August 27(Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.
RSA Conference 2019 Asia Pacific & Japan(Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
XM Cyber is coming to Black Hat(Las Vegas, Nevada, United States, August 3 - July 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to simulate, validate and remediate hackers’ path to organizational critical assets.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
'Twas the night before(SecureList) Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.
Google Confirms Apple iPhone Bricking iMessage Bomb(Forbes) A simple iMessage can turn your iPhone into an unusable brick according to a Google security research project which has just disclosed the methodology behind the attack. Here's what you need to know, and what you need to do next to make sure your iPhone doesn't fall victim to this attack.
Issue 1826: iMessage: malformed message bricks iPhone(Project Zero) The method -[IMBalloonPluginDataSource individualPreviewSummary] in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not an NSString.
WannaLocker targets banks in Brazil(Avast) Find out how Avast threat researcher Nikolaos Chrysaidos tracked a new version of malware that combines spyware, remote-access-Trojan malware, and banking Trojan malware.
New Backdoor and Malware Downloader Used in TA505 Spam Campaigns(BleepingComputer) Several malicious spam campaigns are distributing new malware strains according to Trend Micro researchers, with the Gelup downloader and the FlowerPippi backdoor being used to attack targets from the Middle East, Japan, India, the Philippines, and Argentina.
The Logic of a Classic Advanced Persistent Threat Attack(HackRead) Advanced persistent threats (APTs) are increasingly targeting enterprise networks nowadays. This article highlights a recent attack against a large, well-protected Australian organization that entailed a major data breach.
FAI: No data leaked in cyber attack(Irish Examiner) The FAI says no data was extracted from its servers when its Abbottstown headquarters was hit by a cyber attack on the June bank holiday weekend.
Even Dropbox and Box aren't Safe(Menlo Security) Software as a service (SaaS) is changing the world, as nearly all new businesses use “as a service” solutions to ensure business productivity and seamless collaboration across different functions, both internally and externally to the organization.
The biggest concern for election security may be phishing(Fifth Domain) An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers.
Someone is wrong on the Internet(TechCrunch) You wake up, and check your phone, and see a new condemnation. Some awful person has said something outrageously insulting. Something actually evil, if you think about it. Something that belittles, dehumanizes, and/or argues against the freedom and agency of a whole category of people. You add your…
Microsoft applies to join Linux security inner sanctum(MSPoweruser) Microsoft recently revealed that it runs more Linux than Windows 10 jobs on their Azure servers. Keeping all those instances secure is obviously very important which may explain why Microsoft has applied to join one of the most important Linux security mailing lists. The Linux-distros security list is a closed list for unreleased security issues …
Algorithmic Governance and Political Legitimacy - American Affairs Journal(American Affairs Journal) In ever more areas of life, algorithms are coming to substitute for judgment exercised by identifiable human beings who can be held to account. The rationale offered is that automated decision-making will be more reliable. But a further attraction is that it serves to insulate various forms of power from popular pressures. Our readiness to…
Zscaler acquires Appsulate(Telecompaper) US cloud security company Zscaler acquired Appsulate, a cyber-security firm set up in 2016 by entrepreneurs Alex Negrea (Romania) and Uli Mittermaier (USA), according to Romanian publication startupcafe.ro citing Zscaler's financial report for Q3.
Report: All Four Major Mobile Networks in the UK Are Using Huawei 5G Gear(Gizmodo) UK telecoms aren’t taking warnings from U.S. intelligence agencies that telecommunications gear produced by Chinese tech giant Huawei could pose a security risk incredibly seriously, at least according to a report from the Observer, which reported on Saturday that all four major carriers in the country are currently or are planning on using Huawei networking gear for their rollout of next-generation 5G technology.
Akamai wants to win more cybersecurity contracts in Korea (Korea Times) Akamai Technologies, a U.S.-based content delivery and cloud service provider, is trying to secure more Korean companies in the cybersecurity sector, strengthening sales and marketing efforts here, the company said Wednesday.
Take A Wait And See Approach With Rapid7(Seeking Alpha) Rapid7 has transformed into a SaaS with 85% of revenues being recurring. The company is pioneering the Security Operations industry, but there is intense competition.
What the Pentagon learned from Cyber Lightning 2019(Fifth Domain) The Department of Defense’s cyber leaders are using a spring exercise – where for the first time multiple teams helped commanders understand their cyber options in theater – as a way to better work together in future conflicts.
Cyber Flag Exercise Focuses on Partnerships(U.S. DEPARTMENT OF DEFENSE) More than 650 cyber professionals from across the Defense Department, other federal agencies and partner nations joined together for Cyber Flag 19-1, a weeklong cyber exercise designed to enhance
Defending Downwind as the Cyberwar Heats up(SecurityWeek) While global corporations have been targeted by Iran-linked threat actors, the escalating tensions in recent weeks will inevitably bring more repercussions as tools and tactics change with new strategic goals.
Unencrypted Data: A Villain in Disguise(Channel Futures) Barracuda notes that data breaches are on the rise, and new threats are emerging every week. These cyberattacks harm companies and consumers, and their cost is rapidly rising.
CSOs should look to orchestration, automation to bridge security policy, information silos(CSO) Security orchestration, automation and response (SOAR) may have only emerged as an industry buzzword a little over a year ago, but the integration and automation that lie at its core have rapidly gained currency with CSOs whose roles increasingly involve unifying silos of security information and translating them into action.
Summer Scam Alerts: Don't Let Crooks Wreck Your Family Travel Plans(McAfee Blogs) While our click-and-pay digital lifestyle makes accessing travel and entertainment more convenient, for every app or website we loop into our travel … This summer, be mindful that while you intend to relax and unwind a little, cybercriminals are working overtime to catch consumers off guard. Here are just a few of the latest travel scams that could affect your family this summer and tips on how to amp up your security.
Quick Heal 1st Indian firm to get US patent for anti-ransomware tech(Zee Business) "The cutting-edge anti-ransomware technology is capable of providing advanced protection against the rising threat of ransomware to consumers' digital devices and enterprise endpoints," said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies.
Google Chrome to Unload Heavy Ads With Intensive Resource Usage(BleepingComputer) Google is currently working on adding a new feature to the Chrome web browser designed to automatically unload ad iframes which use an outrageous amount of system resources in an effort to shrink the browser's CPU and network footprint.
Kaspersky calls for limits on forced source-code disclosure(Computerworld) Security software vendor Kaspersky has called for the government to introduce limits on the potential compelled disclosure of source code under the regime introduced by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA Act).
Sen. Rubio touts DHS cybersecurity resources(Homeland Preparedness News) Sen. Marco Rubio (R-FL) is encouraging Florida League of Cities and Florida Association of Counties officials to take advantage of Department of Homeland Security (DHS) resources to bolster cybersecurity efforts.
Bipartisan bill would mandate DHS to keep a close eye on deepfakes(FedScoop) A bipartisan bill making its way through Congress would require the Department of Homeland Security to keep its eye on deepfakes content and technologies used to create it. Under the “Deepfakes Report Act of 2019,” the secretary of homeland security would need to file reports every 18 months on the national security impacts of deepfake content — fake …
Connectivity becomes too dangerous: Putting manual security back into the grid(Resilience) The U.S. Senate passed a bill last week that would form a government-industry working group to "examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators." ... If we truly want long-term solutions to the problems that vex us in our increasingly high-tech society, then we will have to look elsewhere than the technologists.
How to Protect Our Kids' Data and Privacy(WIRED) Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework.
Mystery of NSA leak lingers as stolen document case winds up(Washington Post) A high-profile raid at the home of a National Security Agency contractor seemed to be linked to the devastating leak of U.S. government hacking tools, but three years later, with the case close to being resolved, whoever was behind the leak is a mystery.
Cyber attack: ‘worm could kill post’(The Australian) Australia Post has been found to be “not cyber resilient” by the nation’s Auditor-General, who ruled that the key government business enterprise had failed to effectively manage risks.
Eight Arrested Over Cyberattacks Against Hong Kong Police(SecurityWeek) Hong Kong police have arrested eight people for stealing and disclosing personal information of officers online, as the city grapples with the aftermath of unprecedented anti-government protests that saw its parliament ransacked.
British Airways set to be fined £183m for customer data breach(Evening Standard) British Airways is set to be fined more than £183 million over a customer data breach. The total proposed fine of £183.39 million would be the biggest penalty ever issued by the ICO. It is the equivalent of 1.5% of BA's global turnover for the financial year ending December 31. The fine relates to the theft of customers' personal and financial information between June 2018 and September 2018 from the website ba.com and the airline's mobile app.
Minneapolis Cybersecurity Conference(Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Program Development - Management Training Course(Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference(Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference(Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...