Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
July 15, 2019.
By the CyberWire staff
Avast follows up the trend toward cross-site request forgery attacks against routers with a report on the exploit kits used. The attacks had been noted earlier by Radware and NetLab. Victims continue to be concentrated in Brazil.
CoinDesk reports that Japanese alt-coin exchange Bitpoint has halted all activity while it investigates the theft of some $32 million in cryptocurrency.
The Wall Street Journal reported late Friday that the US Federal Trade Commission had approved a $5 billion settlement over Facebook privacy missteps in connection with the Cambridge Analytica data scandal. The agreement, which is thought to contain provisions for closer privacy oversight, now goes to the Justice Department's Civil Division for final review.
As big as $5 billion may seem, Congressional critics calling the settlement a "slap on the wrist" point to Facebook's very high revenues, which were, the Washington Post notes, $15 billion for the last quarter alone. An opinion piece in the Verge argues that in the context of profits and history, Facebook got off lightly.
Deutsche Welle reports that an "unprecedented" power failure affecting Argentina, Uruguay, and Paraguay yesterday remains under investigation, but Argentina's Energy Ministry says a cyber attack is "not among the main alternatives being considered." MSNBC quotes New York City's Mayor DeBlasio saying the city is "as certain as we can be" that Manhattan's weekend blackout was not caused by a cyber attack. Power has been largely restored in both instances. Official announcements concerning grid failures now routinely address the possibility of cyber attack.
Today's issue includes events affecting Argentina, Bahrain, Brazil, Canada, China, Egypt, Germany, Iran, Japan, Libya, Morocco, Oman, Paraguay, Russia, Saudi Arabia, Sudan, Turkey, United Arab Emirates, the United Kingdom, United States, and Uruguay.
Bring your own context.
The UK's Information Commissioner's Office has fined two big companies, British Airways and Marriott, for violations of GDPR. The European General Data Protection Regulation, as has long been expected, will have global reach.
"And what's even more curious is that one of the businesses that was singled out was actually based in the United States. I think that should be a very big hallmark of things to come not only with United States businesses and international businesses doing operations in the EU theater of operations, but also, how is this going to change regulations and fines of data breaches around the world, not just in the EU?"
—Justin Harvey, global incident response leader at Accenture, on the CyberWire Daily Podcast, 7.11.19.
If nothing else, the enforcement actions should induce boards and C-suites to take a closer look at regulatory risk.
Conduct secure and anonymous research on the open and dark web.
If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.
XM Cyber is coming to Black Hat(Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Alleged Iranian hacker who aided cyber espionage attacks on the US unmasked(Fox News) For years, “Mr. Tekide” has been well-known as a red flag within international cybersecurity communities. The alias has managed to evade being publicly identified despite being deemed a top malware developer and hacker whose crypters – which are used to conceal malware in an attack – have been used in cyber espionage attacks on the United States and broader West, as well as Sunni Arab countries and Israel.
New TrickBot Attack May Have Compromised 250 Million Email Addresses(Digital Trends) TrickBot returns with a new attack that teams up the malware with an email-based infection and distribution module dubbed TrickBooster. An investigation into TrickBooster's servers discovered a database with 250 million compromised email accounts, including from US government departments.
NYC blackout 'not a cyber attack': mayor(Reuters) As officials seek answers for a five-hour blackout in New York's Manhattan, the city's mayor says the power outage was not a cyber attack or an act of terrorism. Rough Cut (no reporter narration).
12 top cloud security threats: The dirty dozen(CSO Online) More data and applications are moving to the cloud, which creates unique infosecurity challenges. Here are the "Treacherous 12," the top security threats organizations face when using cloud services.
In an online world, we could forget everything(Times) An unpretentious rom-com lured me into a labyrinth of historical reflection, mild technophobia and tentative neuroscience. Yesterday is directed by Danny Boyle and written by Richard Curtis (with...
Don’t blame flawed Silicon Valley for the rot of Wall Street and Washington(TechCrunch) The techlash is well underway. Blame Facebook! Blame Google! Blame Amazon! (Apple and Microsoft still seem relatively immune, for now.) And, I mean, there’s a lot of objectively blameworthy behavior there, especially in that first case. But I find myself wondering: why does the ire go beyond …
Huawei Plans Extensive Layoffs in the U.S. (Wall Street Journal) Huawei Technologies is planning extensive job cuts at its U.S. operations as the Chinese technology giant continues to struggle with its American blacklisting.
BlackBerry juices up threat hunting software(ComputerWeekly) Things changed at BlackBerry, more than once, to be fair. The company that used to be known as Research in Motion (RIM) decided to drop the somewhat incongruous name and some bright spark in ...
“Five Eyes” Nations Finish Large-Scale Cyber Exercise(Air Force Magazine) Military personnel from the US and the other “Five Eyes” intelligence-sharing partner nations came together for a large-scale exercise focused on preparing for cyberattacks and keeping adversaries out of critical infrastructure.
On the Viability of Conspiratorial Beliefs(Plos One) Conspiratorial ideation is the tendency of individuals to believe that events and power relations are secretly manipulated by certain clandestine groups and organisations. Many of these ostensibly explanatory conjectures are non-falsifiable, lacking in evidence or demonstrably false, yet public acceptance remains high.
The Shifting Dynamics of Britain's National Security Threats(Global Security Review) With the advent of the twenty-first century came differing classifications of national security threats and a shifting order of strategic preeminence. The risk of extremism and consistent alienation of citizens in European countries have both expanded and diversified. Some European Union member states in the EU require security sector reforms and the replacement of old …
Huawei calls on US to lift export restrictions(AP NEWS) The chairman of Huawei said Friday the Chinese tech giant has yet to see any benefit from President Donald Trump's promise to allow U.S. companies to sell some components to...
Policy Brief: Principles for Responsible Data Handling(Internet Society) Introduction More and more of our activities generate data which is collected and used in ways we don’t see and can’t control. While the data is used for analytics and targeted advertising that can potentially improve services enhance our experience as consumers or public service users, its use can also undermine privacy, autonomy, and trust …
If 5G Networking Is a U.S. Intel Priority, Should It Receive U.S. Intel Funding?(Breitbart) David P. Goldman, China policy expert and frequent guest on Breitbart News Tonight, offered what he described as a “modest proposal” in an article published Thursday at PJ Media: If 5G wireless is so clearly a concern for U.S. intelligence, a portion of the intelligence budget should be invested in creating an American competitor to China’s dominant Huawei corporation.
State lacks basic cyber hygiene(Longview Daily News) Imagine a customer service survey composed of a series of questions and circles to fill in according to your level of response: A circle left blank means "Poor." A half-darkened
FTC Approves Roughly $5 Billion Facebook Settlement(Wall Street Journal) The Federal Trade Commission voted this week to approve a roughly $5 billion settlement with Facebook over a long-running probe into the tech giant’s privacy missteps, according to a person familiar with the matter.
FTC votes to approve $5 billion settlement with Facebook in privacy probe(Washington Post) The Federal Trade Commission voted to approve a roughly $5 billion settlement with Facebook ending an investigation into its privacy practices, according to a source familiar with the matter but not authorized to speak on the record, a deal that could result in unprecedented federal oversight of the company.
Special counsel Mueller's testimony delayed until July 24(KLEW) WASHINGTON (AP) — Special counsel Robert Mueller's testimony to Congress has been delayed until July 24 under an agreement that gives lawmakers more time to question him. Mueller had been scheduled to testify July 17 before two house committees about the findings of his Russia investigation. But lawmakers in both parties complained that the short length of the hearings would not allow enough time for all members to ask questions.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Integrate(Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...
CyberCon(Anaheim, California, USA, November 19 - 21, 2019) CyberCon is a solutions-based cybersecurity conference connecting executives and decisions makers in the power and utilities sector to cybersecurity experts and industry specific solutions. By attending,...
Insider Threat Program Development - Management Training Course(Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference(Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference(Gaitlinsburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.