skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

ESET reports on recent activity of K3chang, an "elusive" threat group engaged in cyber espionage. Most of K3chang's recent targets have been in Slovakia, Belgium, Chile, Guatemala and Brazil. ESET studiously avoids attributing K3chang, but they do observe that since its discovery by FireEye in 2013, K3chang has been associated with China. The recent campaigns show improved backdoors and greater evasiveness. In MITRE's threat group taxonomy, K3chang is also known as APT15, and sometimes as Vixen Panda or Playful Dragon.

Hacked Bulgarian tax information has begun turning up in various discreditable hacker online neighborhoods. ZDNet says that the person who posted it (someone with the nom-de-hack "Instakilla") obtained it from a download link carelessly displayed by a Bulgarian television news report. Instakilla crowdsourced a solution to the password and has now made the data available. He's not worried about doing so. Since he's not the "original hacker," he doesn't "feel accountable for anything." The alleged original hacker has now been identified. Computing magazine, citing Bulgarian sources, identifies the suspect as Kristiyan Boykov, age 20. Mr. Boykov had worked for TAD Security, perhaps in a training role. Some of his students are said to have been members of the police cyber squad that collared him.

Emsisoft reflects on the recent wave of ransomware hitting US local governments. The firm suggests that counties and towns are vulnerable because of outdated systems and big attack surfaces.

SC Magazine and others continue to report that hundreds of thousands of devices remain unpatched against BlueKeep.

Notes.

Today's issue includes events affecting Australia, Belgium, Bulgaria, Cambodia, Canada, Chile, China, Croatia, Czech Republic, Estonia, France, Germany, Guatemala, India, Italy, Japan, Kazakhstan, Isle of Man, Russia, Singapore, Slovakia, South Africa, Ukraine, United Kingdom, United State, and Vietnam.

Bring your own context.

Most agree that there's a labor shortage, "a skills gap," in cybersecurity. But what does that mean, exactly?

"And, of course, there's then the skills gap, which is this perception that there aren't enough qualified cyber analysts, professionals.... So here's a little bit of that disconnect. When we say cybersecurity gap and skills gap, I think it's important to really refine what jobs we are actually talking about. And there's a huge range of those jobs. Those jobs for cybersecurity range from, at the very top end, data scientists... And then at the other end of the spectrum, you're looking at an entry-level analyst - on-the-job training for entry-level SOC analyst.... So I do think it's important when we're thinking, collectively as a community, about the skills gap, what do we mean? Do we mean a skills gap for data scientists, or do we mean a skills gap for the entry-level SOC analyst, the mid-level SOC analyst? So that would then help us speak to the schools and speak to the educators and say this is more of what we're looking for.... If you look at the pharmaceutical industry, you wouldn't say, oh, there's a pharmaceutical industry skills gap. There would be a skills gap in someone who's doing, maybe biomedical research. Or there's a skills gap in something else. So to paint it with a very, very thick brush, I think the problem with doing that is it doesn't allow us to solve the actual problems. And the problems are many."

—Michael Madon, head of security awareness at Mimecast, on Hacking Humans, 7.18.19.

Seeing and understanding the specific gaps is more important than knowing that there's arguably one big gap.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Insitute, as Johannes Ullrich (dean of research and proprietor of the Stormcast podcast) shares tips on ensuring that your vulnerability scans are secure. Our guest is Richard C. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, and coauthor of the new book The Fifth Domain

And coming this Sunday, a Special Edition podcast sponsored by FTI Cybersecurity. We'll have an extended interview with Richard C. Clarke, with more discussion of the issues raised in The Fifth Domain.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Data from hacked Bulgarian tax office systems now being circulated on hacking forums (Computing) Hacked data trader called 'Instakilla' shared download links for around half the compromised data

Is industry cyber(in)security DoD’s Achilles’ heel? (Fifth Domain) The Department of Defense hosted a prototyping event to test tools that can monitor manufacturing company networks for cyber intrusions.

It's never good when 'Magecart' and 'bulletproof' appear in the same sentence, but here we are (Register) Ukrainian civil war a bonanza for dodgy malware hosting firms

FaceApp privacy panic: Be careful which apps you use (Help Net Security) The privacy panic over FaceApp, the selfie-editing mobile app that makes photo subjects younger or older, has been overblown.

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void (Malwarebytes Labs) There’s a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations' arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.

Personal Data (Incl. SMS & Calls) of Mobile Loan App Users in China Left OPEN for ALL to See (Safety Detective) SafetyDetective discovered a massive leak in a China-based server, leaking personal credit information reports of million Chinese citizens.

My browser, the spy: How extensions slurped up browsing histories from 4M users (Ars Technica) Have your tax returns, Nest videos, and medical info been made public?

Ke3chang APT Linked to Previously Undocumented Backdoor (Threatpost) The cyberspy group's activities are broader than originally thought.

Okrum: Ke3chang group targets diplomatic missions (WeLiveSecurity) ESET researchers have discovered new versions of malware families linked to the elusive Ke3chang APT group, as well as a previously unreported backdoor.

New Malware Confirms User Activity Before Exploiting Backdoor To Conduct Cyber-Espionage (Appuals.com) Cybersecurity company ESET has discovered a known and elusive hacking group has been quietly deploying a malware that has some specific targets. The

I Can't Believe Mirais: Tracking the Infamous IoT Malware (Security Intelligence) Mirai malware is often perceived as a low-risk threat to enterprise security, but consumer devices in the home, when connected to corporate networks, can expose corporate networks to botnet attacks.

Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C (TrendLabs Security Intelligence Blog) We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia.

Johnson Controls exacqVision Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls Equipment: exacqVision Server Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their privileges.

Think FaceApp Is Scary? Wait Till You Hear About Facebook (WIRED) The idea that FaceApp is somehow exceptionally dangerous threatens to obscure the real point: All apps deserve this level of scrutiny.

This strange new phishing attack uses a surprise bill to trick you into clicking (ZDNet) Researchers uncover a campaign which uses SHTML files - commonly associated with web servers - to direct users to malicious, credential-stealing websites.

New Phishing Attack Emerges using SHTML file attachments (Mimecast) This blog describes a rare type of SHTML based phishing attack emerging from the UK that the Mimecast Threat Center was alerted to.

Researchers Easily Trick Cylance's AI-Based Antivirus Into Thinking Malware Is 'Goodware' (Vice) By taking strings from an online gaming program and appending them to malicious files, researchers were able to trick Cylance’s AI-based antivirus engine into thinking programs like WannaCry and other malware are benign.

A new Equation Editor exploit goes commercial, as maldoc attacks using it spike (Sophos News) Weaponized RTF documents adopt CVE-2018-0798, another Equation Editor vulnerability

Hacked Bluetooth hair straighteners are too hot to handle (Naked Security) The Glamoriser Smart Bluetooth straightener offers up yet another example of how not to add a risky product to the Internet of Things (IoT).

Thousands of NHS computers are still running Windows XP (The State of Security) Two years after the WannaCry outbreak shone a light on the computer security of the NHS it still has 2,300 PCs running XP, an outdated operating system.

Nigerian scammers slide into DMs, so Ars trolls them (Ars Technica) Romance scams persist, somehow, by preying on the gullible; Twitter is fertile ground.

Henry County government operations may have been hit by cyber attack (Atlanta Journal Constitution) Henry County operations were taken offline after potential cyber attack

Laporte County government pays $130K ransom to hackers (WGN-TV) The government of Laporte County was the latest to have its computer systems taken over by hackers and held for ransom.

County responds to cyber scare (The Conway Daily Sun) In the wake of a serious cyberattack on neighboring Strafford County, Carroll County’s IT contractor assured commissioners that Carroll County’s data has been secured but the threats to

Why are so many US public entities being hit by ransomware? (Emsisoft | Security Blog) Many cities across the US have been hit by ransomware. What motivates hackers to target the public sector and why have these attacks been so successful?

Cities Under Siege: AppRiver’s Midyear Cybersecurity Report Finds: Local Governments in Hackers’ Sights More Often Than Ever (Yahoo) According to the new Mid-Year Global Security Report, released today by AppRiver, a Zix company (ZIXI), cyberthreats targeting municipalities are on the rise. Through the first half of 2019, a growing number of municipalities across the US were hit with crippling ransomware attacks, while several large

Security Patches, Mitigations, and Software Updates

Slack resets user passwords after 2015 data breach (TechCrunch) Slack will reset the passwords of users it believes are affected by a historical data breach that affected the company more than four years ago. In 2015, the company said it was hit by hackers who gained access to its user profile database, including their scrambled passwords. But the hackers inser…

Still not using HTTPS? Firefox is about to shame you (Naked Security) Two years after promising to report all HTTP-based web pages as insecure, Mozilla is about to deliver.

Cyber Trends

Secureworks 2019 Incident Response Insights Report (Secureworks) Learn how organizations undermine their security program and provide opportunities to threat actors.

BEC Scams Cost US Firms $300m Each Month (Infosecurity Magazine) US government stats reveal soaring number of victims

22% of users would quit WhatsApp if encryption is banned | Comparitech (Comparitech) WhatsApp encryption may come to end, potentially signalling a big drop in its user numbers. Find out what our survey uncovered.

Lenovo Patches Security Flaw Exposing 36TB Of Financial Data In The Wild (Z6 Mag) The compromised data include sensitive financial information like card numbers and financial records.

Reputations are at risk as executives feel the weight of emerging threats (Insurance Business) From cyber to pollution, no company is safe in today’s evolving risk landscape

Half of Manx people 'at risk of online scams' (BBC News) More than 50% of people on the Isle of Man use the same password for several accounts, a survey finds.

Marketplace

InCountry raises $15M for its cloud-based private data storage-as-a-service solution (TechCrunch) The rise of data breaches, along with an expanding raft of regulations (now numbering 80 different regional regimes, and growing) have thrust data protection — having legal and compliant ways of handling personal user information — to the top of the list of things that an organization n…

VComply raises $2.5 million seed round led by Accel to simplify risk and compliance management (TechCrunch) Risk and compliance management platform VComply announced today that it has picked up a $2.5 million seed round led by Accel Partners for its international growth plan. The funding will be used to acquire more customers in the United States, open a new office in the United Kingdom to support custom…

VMware to acquire AI, ML acceleration firm Bitfusion (CRN Australia) Bitfusion's platform virtualises GPUs to share across infrastructure.

F-Secure's Managed Detection and Response Solution Countercept Wins EUR 2m+ Deal (Yahoo) F-Secure's Managed Detection and Response (MDR) solution Countercept has won a multi-year deal worth than more than EUR 2m to defend a major European enterprise ...

Fujitsu launches Canberra Cyber Resilience Centre (ITWire) Fujitsu has launched its new Cyber Resilience Centre (CRC) in Canberra, with the facility to oversee managed and professional security services across the Oceania region.

Google will now pay bigger rewards for discovering Chrome security bugs (TechCrunch) Bug hunting can be a lucrative gig. Depending on the company, a serious bug reported through the proper channels can earn whoever found it first tens of thousands of dollars. Google launched a bug bounty program for Chrome in 2010. Today, they’re increasing the maximum rewards for that progra…

Atlantic Council Announces Trey Herr as Director of the Cyber Statecraft Initiative (Atlantic Council) The Atlantic Council today announced Trey Herr as Director of the Cyber Statecraft Initiative in its Scowcroft Center for Strategy and Security. Dr. Herr will be central to further strengthening the Initiative’s continued work on...

Callsign Adds Industry Veteran Tom Noonan to Board of Directors (Callsign) Callsign, a London-based company at the forefront of the identity revolution, today announced the addition of Tom Noonan to its board of directors.

Products, Services, and Solutions

42Crunch Announces Full Kubernetes Support to Automate Zero-Trust API Security Across Microservices Architecture (Yahoo) 42Crunch Allows Organizations to Extend Comprehensive API Security Beyond the Edge, to Each and Every Container in Kubernetes Environments

Dropbox silently installs new file manager app on users’ systems [Update] (Ars Technica) Dropbox ambushes its users with a radically different version of its sync app.

Reducing attack surface with SDP, Safe-T wins contract with Israeli utility (Warrior Trading News) The Safe-T Group (SFET) security company is up 15% pre-market on news that a national Israeli utility has adopted its Software Defined Perimeter technology.

Bitdefender 2020 protects against cyberbullying and online predators (BetaNews) What do you perceive as the primary threat to your devices for the year ahead? Most people are now fairly self-aware to be wary of phishing attempts and illegitimate websites, while basic security software will prevent you from accidentally installing malicious software.

Technologies, Techniques, and Standards

FBI senior IT official: Bug bounties still useful, but ‘a little over-hyped’ (Federal News Network) Manny Castillo, a senior IT security adviser at the FBI, said the bureau does all its penetration testing internally and has no plans on changing that.

We Spend Billions on Information Security, So Why do Companies Continue to get Owned? (Bromium) Back in 2013, General Keith Alexander of US Cyber Command sounded an alarm at a cybersecurity conference, alerting corporations and government agencies of an increased threat of cyberattacks. He called the billions of dollars in intellectual property flowing out of the country “the greatest transfer of wealth in history” and warned that unless we do something, the consequences would only intensify.

Boost Infrastructure Immunity Against the Ransomware Epidemic (SecurityWeek) Following basic security best practices and backing up data regularly can minimize an organization’s exposure to becoming a casualty of ransomware.

Adding VPN protection to your iPhone is easier than you think (Cult of Mac) A VPN can keep your online activity secure by preventing malware and trackers. You should use one anytime you use a public Wi-Fi network.

Four Questions Organisations Need To Ask After A Cyber Attack (Information Security Buzz) Cyber attacks are inevitable, but it’s how an organisation deals with them that can make or break their business. Have they got all the answers, and do they fully understand the implications? Can they be sure the attack won’t happen again?  Swift and comprehensive incident response is a critical step to ensuring the future security of a business …

DHS is Looking to Upgrade Its FISMA Compliance Tools (Nextgov.com) The new and improved information assurance system would help officials better understand and manage the department’s sprawling IT infrastructure.

How Capture the Flag Competitions Strengthen the Cybersecurity Workforce (Dark Reading) These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.

Emsisoft releases a free decryptor for the ZeroF[**]ks ransomware (Emsisoft | Security Blog) Our malware team has just released a decryptor for the ZeroF[**]ks ransomware.

Protect Your Organization Against Password Spraying (Infosecurity Magazine) Password spraying, unlike traditional brute force attacks, often stays under the radar

Design and Innovation

High-Stakes AI Decisions Need to Be Automatically Audited (WIRED) Opinion: The current standard for evaluating AI is insufficient. AI systems should be instantly interrogated for bias by a third party.

Kaspersky offers cybersecurity training in video game form (CRN Australia) Targeted to IT managers and business leaders.

How to protect the growing internet of battlefield things (Fifth Domain) The incoming Secretary of Defense needs to make funding the deployment of Comply to Connect, which monitors networks for unauthorized devices, one of his first priorities.

Academia

Cadets build relationships, knowledge on Cyber AIAD (Pointer View) The U.S. Military Academy’s Academic Individual Advanced Development program is a key portion of the institution’s margin of excellence

Legislation, Policy, and Regulation

Kazakhstan government is now intercepting all HTTPS traffic (ZDNet) Kazakh government first wanted to intercept all HTTPS traffic way back in 2016, but they backed off after several lawsuits.

Why the Ghost Keys `Solution’ to Encryption is No Solution (Just Security) An encryption back-door proposal from Britain's GCHQ poses serious risks to privacy and digital security on apps like Signal and Whatsapp.

Central Bankers Doubt Facebook’s Cryptocurrency (Daily Forex) The G7 finance chiefs expressed their skepticism towards Facebook's attempt to issue a digital currency, as they consider that several regulatory problems shoul

Congressional testimony reveals some faults in Facebook’s digital currency plans (TechCrunch) As Facebook continues to lay the foundation for getting some of the world’s largest payment processing and technology companies a seat at the global monetary policy table, the company faces significant obstacles to enacting its plans from both sides of the congressional aisle. In the second o…

Everyone Wants Facebook's Libra to Be Regulated. But How? (WIRED) Facebook's planned blockchain-based currency poses nettlesome questions: Is it money? Is the Libra Association a bank?

Facebook accused of contradicting itself on claims about platform policy violations (TechCrunch) Prepare your best * unsurprised face *: Facebook is being accused of contradicting itself in separate testimonies made on both sides of the Atlantic. The chair of a UK parliamentary committee which spent the lion’s share of last year investigating online disinformation, going on to grill mult…

Senators Introduce Bill Restricting Huawei From Buying, Selling U.S. Patents (Wall Street Journal) Republican senators introduced legislation aimed at blocking Huawei from buying or selling U.S. patents in the latest action by Washington targeting the Chinese telecom giant.

U.S. tech firms push Trump to allow sales to Huawei, set up White House meeting next week (Washington Post) Tech companies are asking the administration to allow sales of chips and other parts for Huawei-made smartphones and laptops, arguing such sales won’t hurt U.S. national security, according to people familiar with the matter.

Banning Huawei Could Make U.K. Networks Less Secure, MPs Say (Bloomberg) Parliament’s security committee says China isn’t the issue. Limiting suppliers might increase risk of malicious attacks.

Is Huawei a Security Threat? Vietnam Isn’t Taking Any Chances (New York Times) As the world splits along U.S.-China fault lines, telecom companies in Vietnam appear to be quietly avoiding the Chinese tech giant in their 5G plans.

The FTC looks to change children’s privacy law following complaints about YouTube (TechCrunch) The U.S. Federal Trade Commission is considering an update to the laws governing children’s privacy online, known as the COPPA Rule (or, the Children’s Online Privacy Protection Act). The Rule first went into effect in 2000 and was amended in 2013 to address changes in how children use …

How Cyber Weapons Are Changing the Landscape of Modern Warfare (The New Yorker) Unlike conventional weapons, cyber weapons lend themselves to plausible deniability. How do you levy a threat when it’s not clear where an attack is coming from or who is responsible?

Cybersecurity industry can contribute its expertise to cyberspace peace (RSA Conference Blog) The list of attacks in the Asia-Pacific, and elsewhere in the world, is long and growing. Is the world on the brink of cyberwar?

New rules on paying for campaign cybersecurity (Axios) Nonprofits can offer campaigns free services or special deals, but for-profit companies can't.

Pentagon Will Default To Trusting Other Agencies’ Cloud Security Assessments (Nextgov.com) The department has had success reusing other agencies’ authorizations and will make reciprocity the rule rather than the exception.

Pentagon reconsiders plan to relocate key US intelligence hub within Britain (Stars and Stripes) A U.S. intelligence gathering hub at RAF Molesworth, one of several American bases that had been slated for closure, could stay where it is as the Pentagon reconsiders a plan to move the center to a different site.

Litigation, Investigation, and Law Enforcement

EXCLUSIVE: Career officials rebut claims of White House interference in security clearance process (TheHill) Two career White House security officials have testified in a closed door session with the House Oversight Committee that no political pressure was asserted on their office in determining security clearances, according to a GOP staff memo obt

Ex-Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury, Feds allege (Register) 'No safeguards' on QA accounts, and suddenly this guy gets a Tesla and $1.6m home, say prosecutors

Ex-NSA contractor to be sentenced in stolen documents case (Washington Post) A former National Security Agency contractor awaits sentencing in Baltimore’s federal court for storing two decades’ worth of classified documents at his Maryland home

U.S. Senator Asks FBI to Investigate Russia's FaceApp Over Security Concerns (The Moscow Times) Schumer said the photo editing app's location in Russia raises questions

Actor Ajaz Khan held for posting objectionable videos (The Times of India) Actor Ajaz Khan is in trouble again, this time for uploading a communally incendiary video on a popular website that could have led to communal tensio

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Smoky Mountain Bigfoot Conference (Gaitlinsburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...

Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.