July 18, 2019.
By the CyberWire staff
Deep Instinct sees a new capability in TrickBot: email credential harvesting. They're tracking TrickBooster, a new module that's able to infect email accounts, use them to send spam, and then delete the spam from the "sent" email box. There's potential in such an approach for what Barracuda calls, in a new report, "lateral phishing." This technique uses hijacked accounts to send malicious spam to its victims, counting on their familiarity with the apparent sender to induce them to open the email.
Researchers at Confiant have found that a Hong Kong actor is trafficking in malvertising that effectively poisons the online advertising supply chain. The actor, "fiber-ads" or "ClickFollow," is engaged in familiar kinds of ad fraud. Their activity also poses a risk of directing victims to landing pages that infect visitors with malware or at least unwanted programs.
NBC News tweets that Senator Schumer (Democrat of New York) has asked the US Federal Trade Commission to open an investigation into FaceApp. At issue is what the Senator characterizes as FaceApp's requirement that users give it "full and irrevocable access" to their images and associated data. He sees the Russian-developed app as posing a threat to both privacy and national security.
Microsoft says it's detected a lot of state-directed cyberattacks over the past year, most of them originating from Russia, Iran, and North Korea. Redmond hints darkly that much of the activity represents an assault on democratic process. USA TODAY sees the warning as a sales pitch for election security tools.
And Hacking Humans is up. In this episode, "The skills gap disconnect," Dave shares a listener story of scammers calling drug stores to try to gather customer rewards points. Joe describes federal contractors being scammed out of over $10 million of hardware, some of it classified communications equipment. The catch of the day starts with a bank email scam and ends with a Rickroll. Carole Theriault speaks with Michael Madon, head of security at Mimecast, about the cybersecurity skills gap.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
New cyberthreats require new ways to protect democracy (Microsoft on the Issues) Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing...
Google’s Tool to Tame Election Influence Has Flaws (Wall Street Journal) Google’s searchable database of political ads, set up to bring more transparency to digital campaign advertising, is fraught with errors and delays, according to candidates’ digital staffers and political consultants.
Threat Spotlight: Lateral Phishing (Barracuda) Account takeover continues to be one of the fastest growing email security threats, but attackers are starting to adapt, introducing new ways to exploit compromised accounts.
Group Behind Windows 10 App Malvertising Pushed 100M Ads in 2019 (BleepingComputer) A group behind the recent outbreaks of malicious advertisements being displayed through Windows 10 apps and Microsoft games has been identified as being based out of Hong Kong. This group is behind millions of advertisements that redirect users to scams, malware, and adware bundles.
American Express Customers Targeted by Novel Phishing Attack (BleepingComputer) A phishing attack using a novel technique to steal credentials from American Express customers was recently found in an email inbox protected using Microsoft's Office 365 Advanced Threat Protection (ATP) by Cofense Phishing Defense Center researchers.
This Phishing Attacker Takes American Express—and Victims’ Credentials (Cofense) Recently, the Cofense Phishing Defense Center observed a phishing attack against American Express customers, both merchant and corporate card holders. Seeking to harvest account credentials, the phishing emails use a relatively new exploit to bypass conventional email gateway URL filtering services. Email Body: Take a look at the email below—the body of the message is riddled with grammatical errors. It asks the would-be victim to verify his or her personal information “Due to a recent system maintenance” and says that failure to comply would lead to a “temporary suspension” of the account. This is a tactic we see from attackers...
Vulnerable Firmware in the Supply Chain of Enterprise Servers (Eclypsium) Eclypsium examines how BMC firmware vulnerabilities in the supply chain of major server manufacturers put customers at risk of data loss and attack. Weaknesses in third party BMC firmware affected multiple vendors and made customers susceptible to data loss and permanent damage to hardware, while enabling attackers to persist even across new operating system installation.
Another 2.2 million patients affected by AMCA data breach (TechCrunch) Another clinical lab ensnared in the AMCA data breach has come forward. Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information stolen in the previous…
FinCEN Warns Banks of Business Email Compromise Scams (ABA Banking Journal) Business email compromise schemes—through which fraudsters target businesses and their fund transfers—generated more than $300 million a month in illicit revenue during 2018, the Financial Crimes Enforcement Network reported today.
One of the most pernicious tools that Silicon Valley uses to control the flow of information to the public is decidedly low-tech: briefing reporters “on background.” According to the Associated Press, an on background arrangement with a reporter means that “information can be published but only under conditions negotiated with the source. Generally, the sources […]
DUST Identity Raises $10M For Supply Chain Security (PYMNTS.com) Pioneers of the first diamond-coated unclonable security tag for supply chain security and end-to-end tracking, DUST Identity has announced $10 million in Series A funding. The investment will be used to accelerate product development and engineering while also fueling global go-to market strategy and deployment, DUST Identity said in a press release. Led by Kleiner Perkins, […]
Israel is way ahead in cybersecurity (The Suburban Newspaper) I just got back from the 9th edition of Cyber Week in Tel Aviv, a global cybersecurity conference that drew 8,000 participants, and it is clear that
Lantech launches cybersecurity partnership with Proofpoint (Telecompaper) Lantech, a supplier of security and managed infrastructure services, has entered into a partnership with US cybersecurity specialist Proofpoint. Both parties hope in this way to strengthen their position in the field of email security and security awareness within the SME and enterprise segment.
U.S. Cyber Command simulated a seaport cyberattack to test digital readiness (CyberScoop) When U.S. Cyber Command simulated a cyberattack against a seaport last month, military personnel hunted for adversaries who appeared to be using malware against a critical trade hub. It was the latest version of an annual weeklong test known as “Cyber Flag” that teaches cyber staffers to better defend against critical infrastructure attacks, military commanders involved in the exercise told reporters in a briefing Tuesday.
WaterISAC Releases Cybersecurity Fundamentals (CISA) The Water Information Sharing and Analysis Center (WaterISAC) recently released an updated cybersecurity fundamentals guide for water and wastewater utilities. The guide includes cybersecurity best practices, grouped into 15 categories, to help sector utilities reduce exploitable weaknesses and attacks. WaterISAC is a CISA partner focused on protecting Water and Wastewater Systems Sector utilities from all hazards.
Does YouTube Ban Hacking Videos? (Acunetix) An ethical hacking channel had their YouTube videos removed. This caused a wrath of angry computer nerds, which helped to reinstate the videos. It also spawned a discussion on Google's policies.
Cyber Security Decision Paralysis (LinkedIn) In a recent article published by Psychology Today, Eva Krockow provided the following observation: “With 80,000 different options, how do you ever find your favorite drink? If you took a diligent approach and tested every single coffee drink, you’d end up spending 109 years trying two different Sta
Design and Innovation
How to train your algorithm (FCW) The federal government is starting to bet big on artificial intelligence in the federal space, but agencies must be careful not to repeat IT mistakes of the past that have resulted in insecure legacy technology.
How Deception Technology Is Evolving (BankInfo Security) Deception technology is becoming more sophisticated, enabling organizations to battle against emerging threats, says Alissa Knight, senior analyst at Aite Group, a
Facebook Denies App Changes to Avoid Breakup: Antitrust Update (Bloomberg) U.S. technology giants are headed for their biggest antitrust showdown with Congress in 20 years as lawmakers and regulators demand to know whether companies like Alphabet Inc.’s Google and Facebook Inc. use their dominance to squelch innovation. The House Judiciary antitrust subcommittee is holding a hearing Tuesday on the market power of the largest tech companies.
Facebook’s regulation dodge: Let us, or China will (TechCrunch) Facebook is leaning on fears of China exporting its authoritarian social values to counter arguments that it should be broken up or slowed down. Its top executives have each claimed that if the U.S. limits its size, blocks its acquisitions or bans its cryptocurrency, Chinese companies absent …
Facebook Pressed on Protections for Cryptocurrency Users (Wall Street Journal) House lawmakers questioned Facebook about how its cryptocurrency should be regulated and its plans to protect users, underscoring the political hurdles facing the company as it seeks to issue the digital cash called Libra.
House passes annual intelligence bill (TheHill) The House on Wednesday passed legislation authorizing funding for U.S. intelligence agencies and activities, including key intelligence collection efforts targeting countries like Iran, North Korea, China and Russia.
Man from Utrecht arrested for producing and distributing malware (Openbaar Ministerie) Recently the high tech crime team (THTC) of the Dutch National Police Unit arrested a 20-year-old resident of the Dutch city of Utrecht. He is suspected of large-scale production and selling of malware. The young man offered programs with names like Rubella, Cetan and Dryad, enabling the buyer to include secret code or malware in, among others, Word or Excel files. In view of the ongoing investigation, the arrest could not be disclosed earlier by police and National Prosecutor’s Office.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2019 Intelligence and National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2019) The Intelligence & National Security Summit, powered by AFCEA International and the Intelligence and National Security Alliance (INSA), is the premier forum for unclassified dialogue between U.S. Government...
Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...