July 16, 2019.
By the CyberWire staff
Two other video conferencing services appear to be vulnerable to the same security issues that Zoom confronted last week. The video-on problem also afflicts RingCentral and Zhumu, BuzzFeed reports. It's not surprising, as both companies license Zoom technology, and their white-badge versions are susceptible to the same problems.
Broadcom's proposed acquisition of Symantec is on indefinite, perhaps permanent, hold, according to CNBC and other sources. The two companies suspended talks when Symantec balked at going below a share price of $28. CRN reports, however, that Broadcom may not have given up on the deal entirely, and that talks could resume at some future point.
The gang behind GandCrab ransomware may have said it folded its tent after making plenty of money, but their retirement may have been exaggerated. KrebsOnSecurity offers some reason to think they might have pitched their tent on fresh criminal ground. This time they seem to be involved with the REvil strain of ransomware, also known as Sodin and Sodinokibi.
Bravo, Emsisoft. The company has released a free decryptor for Ims00rry ransomware.
Bloomberg reports that Peter Thiel, Palantir Chairman and co-founder, on Sunday called for an investigation of Google for "treasonous" behavior with respect to China. He suggested that Google had been thoroughly penetrated by Chinese intelligence agents, and that its willingness to work on a search engine for Chinese use that would be managed and closely censored by Beijing while at the same time declining work on US defense projects raises questions about Mountain View's trustworthiness.
Today's issue includes events affecting Bulgaria, China, European Union, Israel, Italy, Japan, Republic of Korea, Russia, United Kingdom, United States.
Bring your own context.
Why don't more enterprises think about threats like DNS tunneling when they're aware of so many other attack vectors?
"They're not thinking of it as an attack vector. That's the most simple example. The other is that when they host authoritative zones inside a business - you'll find many businesses have a sort of private zone for their internal data centers, their internal hostname resolution - they often don't think about the fact that those are recursive resolvers to the open Internet, and so they may be locking down the name lookup to just that handful of hosts."
—Mike Benjamin, senior director of threat research at CenturyLink's Black Lotus Labs, on the CyberWire Daily Podcast, 7.12.19.
As Mr. Springsteen once put it, there's things that'll knock you down you don't even see coming, but isn't one of them.
And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. Episode 116, which enjoys the alliterative title "Darknet DDoSer Does Damage to Dread," offers a look at the online places the bad actors inhabit. Criminal markets on dark web forums are the online version of a bad neighborhood, complete with sellers, buyers, and people who make their living connecting those groups. They tend to be self-policing, and so when an individual discovers a fundamental flaw in the technical foundation of the community and then decides to take advantage of that flaw to hold entire markets for ransom, that tends to get people’s attention. It’s a high-stakes game. Daniel Byrnes is a senior threat intelligence analyst with Recorded Future’s Insikt Group, and he found himself on a journey down a dark web rabbit hole to try to make sense of the situation.
XM Cyber is coming to Black Hat(Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Turla renews its arsenal with Topinambour(SecureList) Turla's developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
Is ‘REvil’ the New GandCrab Ransomware?(KrebsOnSecurity) The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”
Vulnerability Summary for the Week of July 8, 2019(CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit the NIST NVD for updated vulnerability entries, which include CVSS scores once they are available.
Fake PrivatBank email delivers AgentTesla and Phishing(My Online Security) I received a rather interesting email earlier today. It pretends to be an email from Privatbank.com and written mainly in Ukrainian. There is not a known bank using PrivatBank.com anywhere I can find…
Why Cities Are a Low-Hanging Fruit For Ransomware(Threatpost) In this first part of a two part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.
What’s Broadcom Thinking?(Tool Box Tech) It came as a bit of a surprise last year when it was announced that Broadcom, a semiconductor maker, was taking over CA Technology, perhaps best known for its mainframe software. But now, Broadcom is said to be in advanced talks with Symantec, a software cybersecurity company. So, what does it look like Broadcom is planning? Let’s look at a bit of...
DefenseStorm Secures $15M in Series A Funding(Yahoo) DefenseStorm, a leading cloud-based cybersecurity and cybercompliance management provider to regional and community banks and credit unions, announced today that it has raised $15M in a Series A financing round led by Georgian Partners. Justin LaFayette, Managing Partner at Georgian Partners, will join
Securing Space: Kaspersky to Give Cosmonauts Cybersecurity Training(Al Bawaba) Kaspersky is proud to announce its new partnership with the Gagarin Research and Test Cosmonaut Training Center – the location in Star City where cosmonauts from all over the world prepare to go to space. As part of this collaboration, the company will hold special training for cosmonauts, as well as IT specialists at the center, to educate them on the current cybersecurity landscape.
Six Niche Security Certifications(Go Certify) Sometimes you have to step off the beaten path to find the right certification. Let's take a look at the world of computer security certifications, and see which certs some people may be overlooking.
Kaspersky helps SOCs to combat cyberthreats(IT-Online) Kaspersky’s new offering for Security Operations Centers (SOCs) combines the company’s competences, solutions and services with its Red Teaming service, which helps evaluate how well internal security teams are prepared for tailored breach scenarios. The combination will enable enterprises with SOCs to overcome the issues that concern them the most. For large organisations, establishing a …
NSA Uses This Challenge To Recruit New Talent(Wonderful Engineering) The National Security Agency uses its best and the brightest experts of cybersecurity for coming up with a cyber challenge. This cyber challenge, known as Codebreaker Challenge, is then provided to more than 330 schools and 2,600 students
8 in 10 IT Leaders Want to Eliminate Passwords(Security Magazine) New research reveals that enterprise users and security professionals alike are frustrated by the inefficiency and lax security of passwords for user authentication.
Huawei executive denies claim of ties to Chinese intelligence(PBS NewsHour) For months, the Trump administration has accused Chinese telecommunications giant Huawei of being a threat to U.S. national security, warning that data could be channeled through the company’s equipment to China’s intelligence services. Huawei is effectively banned from U.S. networks. What does the company think of Trump’s stance? Nick Schifrin talks to Huawei Senior Vice President Vincent Pang.
Facebook’s testimony to Congress: Libra will be regulated by Swiss(TechCrunch) The head of Facebook’s blockchain subsidiary Calibra David Marcus has released his prepared testimony before Congress for tomorrow and Wednesday, explaining that the Libra Association will be regulated by the Swiss government because that’s where it’s headquartered. Meanwhile, he …
House passes bills to boost small business cybersecurity(TheHill) The House passed legislation by voice vote on Monday intended to increase cybersecurity at the Small Business Administration (SBA) and separately approved a bill to help small businesses defend against cyber attacks.
Ousted UK ambassador leaked US intelligence(Washington Examiner) Leaked U.K. diplomatic cables critical of President Trump have led Britain’s ambassador, Sir Kim Darroch, to announce his departure from Washington earlier than expected. But the story is not yet concluded.
Privacy Group Asks FTC to Investigate Zoom(Decipher) EPIC, a privacy rights organization, has filed a complaint asking the FTC to look into Zoom’s actions after the disclosure of several vulnerabilities in its Mac client.
FY 2019 EPA Management Challenges(US Environmental Protection Agency Office of the Inspector General) Attention to agency management challenges could result in program improvements and protection for the public, and increased confidence in management integrity and accountability.
Paying the Piper: What we learned from the British Airways fine(Clearswift) The Breach Truth be told it was never really a question of ‘if’ but rather ‘when’ a significant fine for GDPR non-compliance would occur. Following the announcement that British Airways has been fined £183m, we have now seen the intent of the Information Commissioners Office (ICO) in following through on promises of substantial fines if businesses are found to be in contravention of the regulation.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Integrate(Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...
North American International Cyber Summit(Detroit, Michigan, USA, October 28, 2019) Taking the Lead: Collaborating to Solve National Cyber Security Problems – Building partnerships and balancing competition and information sharing for improved security. The theme is designed to highlight...
Insider Threat Program Development - Management Training Course(Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference(Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference(Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019(Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...