Visit LookingGlass Cyber Solutions at BlackHat USA 2019
There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, it's “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.
July 9, 2019.
By the CyberWire staff
Researcher Jonathan Leitschuh reports a serious vulnerability in Zoom's Mac video-conferencing tool that allows "any website to forcibly join a user" to a call, complete with camera access.
Microsoft warns that a campaign using the fileless Astaroth information-stealing Trojan is underway. Astaroth lives off the land, which can render detection difficult. On the other hand, as BleepingComputer quotes Microsoft, anomalous behavior might betray Astaroth to systems looking for suspicious behavior.
ESET identifies a campaign using torrents to distribute the familiar GoBot2 backdoor. The bait consists of Korean movies and television shows; most of the victims have been in South Korea.
The fine the UK's Information Commissioner's Office levied against British Airways for a September data breach is confirmed to be £183 million (roughly $229 million), far exceeding the ICO's previous record of £500,000, Forbes observes. High as it is, the fine is shy of the 4% of annual turnover the ICO could have taken. In British Airways' case, 4% would have amounted to £500 million. The airline, which points out that it disclosed the breach within a day of discovery and has since found no sign of large-scale criminal exploitation, intends to appeal. The ICO apparently intends the penalty as a deterrent: any site that handles personal information should take careful note.
NSA's Inspector General rendered the agency's required annual report to Congress. It sees Fort Meade struggling with many of the same cybersecurity issues that concern other Government agencies: no "serious or flagrant problems or abuses," but some "significant" issues.
Today's issue includes events affecting China, Croatia, European Union, Finland, Republic of Korea, Russia, Slovakia, United Kingdom, United States.
Bring your own context.
Open source software is of course pervasive and usually effectively inescapable. But it can bring problems along with it.
"One of the vulnerabilities that we saw last year - and this is right now top of the leaderboard, we've never seen it quite this striking - is a vulnerability that was in FreeBSD. And so, this particular application was using a very old version of FreeBSD that had a vulnerability that was disclosed in May of 1990. Or the way we put it, probably it's older than some of the developers working on modern code."
—Tim Mackey, principal security strategist within the Synopsys Cyber Research Center, on the CyberWire's Research Saturday, 6.29.19.
Modernizing security analytics and operations with SOAPA.
Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.
It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.
Cyber Security Summits: DC on July 16 and in Chicago on August 27 (Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - July 8, 2019) Visit XM Cyber at our booth 875 to experience the first fully automated APT simulation platform to simulate, validate and remediate hackers’ path to organizational critical assets.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Malicious campaign targets South Korean users with backdoor-laced torrents (Posilan Ltd) ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect …
Microsoft Discovers Fileless Astaroth Trojan Campaign (BleepingComputer) A fileless malware campaign used by attackers to drop the information stealing Astaroth Trojan into the memory of infected computers was detected by Microsoft Defender ATP Research Team researchers.
Who’s Behind the GandCrab Ransomware? (KrebsOnSecurity) The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.
The Scene: Pirates Ripping Content From Amazon & Netflix (TorrentFreak) Traditionally, a major source of high-quality pirate releases has been retail discs, such as Blu-ray or DVD. Today, torrent and streaming sites are regularly fueled by content culled from streaming services such as Netflix and Amazon. Known online as WEB releases, these files are the product of a decryption process using tools mostly not intended for public use.
3 ways IoT devices compromise security (Fifth Domain) The National Institute of Standards and Technology released a report detailing the cybersecurity and privacy risks associated with the Internet of Things.
Vulnerability Summary for the Week of July 1, 2019 (CISA) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Hacker Ransom Demands From Cities Are Growing (The Crime Report) “It is quite profitable for the actors to conduct these sorts of attacks on victims,” said FBI agent Adam Lawson. “At the end of the day, people are paying the ransoms.” The FBI received nearly 1,500 ransomware reports last year.
County cyber attack: Database still down, but costs covered (Citizens' Voice) The effects of a May cyber-attack on the Luzerne County computer network are still being felt, though nearly all costs the county incurred thus far should be covered by insurance, according to county Manager David Pedri. The county real estate database —
Social Engineering: The Non-technical Strategy to a Successful Cyber Attack (GC Capital Ideas) Cyber threat actors and their techniques have evolved, but most attacks still contain elements of social engineering. Without complex tools, software or extensive knowledge about the security platform, social engineering is an effective, non-technical strategy used by cyber criminals. It relies primarily on human interaction to gain trust and manipulates people into breaking standard security …
Virginia firm wins $35M contract for tech work at AFRL in Rome (Central New York Business Journal) The U.S. Department of Defense has awarded CACI Technologies Inc. of Chantilly, Virginia, a more than $34.8 million cost-plus-fixed-fee contract to develop and test software agility and resiliency software/hardware for the Air Force Research Laboratory (AFRL) in Rome.
Carbon Black: Attractive Buy Before Q2 Earnings (Seeking Alpha) Carbon Black reported a very strong Q1 earnings in early May, with revenue growing 21% and cloud revenue growing 80%. Despite the Q1 beat, management only slightly raised full year guidance, implying a conservative approach to the year. Valuation remains a little under pressure and relatively cheap compared to other faster-growth software security names.
Splunk Is Still A Great Buying Opportunity (Seeking Alpha) Splunk offers a platform that helps users derive new insights from machine data. The company has YoY revenue growth of 37.5%, positive free cash flow and scores quite well on the Rule of 40. It is fairly valued relative to other software stocks.
Northrop Grumman Board Names Kathy J. Warden Chairman (Northrop Grumman Newsroom) The board of directors of Northrop Grumman Corporation (NYSE: NOC) has elected Kathy J. Warden as its chairman, effective August 1, 2019. Warden will serve as chairman, chief executive officer and president. Warden...
Cyber security risk ratings cannot accurately assess cyber risk across industrial ecosystems (Control Global) According to the Bitsight report, security ratings allow the electric utilities industry to accurately assess risk across their business ecosystem. However, cyber security ratings currently can’t address control system cyber security yet control systems are existential for any industrial organization. Until there is better understanding of the control system cyber risks, security ratings for industrial organizations are meaningless.
European power grids cooperate on cyber-security (SC Magazine) Aurélio Blanquet, the recently elected Chair of the European Network for Cyber Security (ENCS) Assembly Committee, calls for harmonisation and cooperation, particularly to close skills gap.
Attackers turn the tables on incident response strategies (SearchSecurity) Incident response strategies are not enough to protect against attackers who have incident response counterstrategies. Find out how attackers persevere against well-prepared targets and how to keep the upper hand.
Inside Facebook’s information warfare team (Silicon Valley Business Journal) The social media giant’s ‘info ops’ team is at the frontline of its war on disinformation. Staffed by former intelligence operatives, investigative journalists and hackers, the team has become increasingly slick.
NSA Releases Semi-Annual Report to Congress (Lawfare) The National Security Agency’s Office of the Inspector General released an unclassified version of its mandatory semi-annual report to Congress covering Oct. 1, 2018 to March 31, 2019. The full document is available here below.
Lessons From An Israeli Company's Cybertech Patent Litigation (Mondaq) With origins dating back to 1996 and claiming more than $350 million in patent licensing revenue, Finjan Holdings is a frequent plaintiff in U.S. patent litigation.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Program Development - Management Training Course (Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...