Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
July 19, 2019.
By the CyberWire staff
ESET reports on recent activity of Ke3chang, an "elusive" threat group engaged in cyber espionage. Most of Ke3chang's recent targets have been in Slovakia, Belgium, Chile, Guatemala and Brazil. ESET studiously avoids attributing Ke3chang, but they do observe that since its discovery by FireEye in 2013, Ke3chang has been associated with China. The recent campaigns show improved backdoors and greater evasiveness. In MITRE's threat group taxonomy, Ke3chang is also known as APT15, and sometimes as Vixen Panda or Playful Dragon.
Hacked Bulgarian tax information has begun turning up in various discreditable hacker online neighborhoods. ZDNet says that the person who posted it (someone with the nom-de-hack "Instakilla") obtained it from a download link carelessly displayed by a Bulgarian television news report. Instakilla crowdsourced a solution to the password and has now made the data available. He's not worried about doing so. Since he's not the "original hacker," he doesn't "feel accountable for anything." The alleged original hacker has now been identified. Computing magazine, citing Bulgarian sources, identifies the suspect as Kristiyan Boykov, age 20. Mr. Boykov had worked for TAD Security, perhaps in a training role. Some of his students are said to have been members of the police cyber squad that collared him.
Emsisoft reflects on the recent wave of ransomware hitting US local governments. The firm suggests that counties and towns are vulnerable because of outdated systems and big attack surfaces.
SC Magazine and others continue to report that hundreds of thousands of devices remain unpatched against BlueKeep.
Today's issue includes events affecting Australia, Belgium, Bulgaria, Cambodia, Canada, Chile, China, Croatia, Czech Republic, Estonia, France, Germany, Guatemala, India, Italy, Japan, Kazakhstan, Isle of Man, Russia, Singapore, Slovakia, South Africa, Ukraine, United Kingdom, United States, and Vietnam.
Bring your own context.
Most agree that there's a labor shortage, "a skills gap," in cybersecurity. But what does that mean, exactly?
"And, of course, there's then the skills gap, which is this perception that there aren't enough qualified cyber analysts, professionals.... So here's a little bit of that disconnect. When we say cybersecurity gap and skills gap, I think it's important to really refine what jobs we are actually talking about. And there's a huge range of those jobs. Those jobs for cybersecurity range from, at the very top end, data scientists... And then at the other end of the spectrum, you're looking at an entry-level analyst - on-the-job training for entry-level SOC analyst.... So I do think it's important when we're thinking, collectively as a community, about the skills gap, what do we mean? Do we mean a skills gap for data scientists, or do we mean a skills gap for the entry-level SOC analyst, the mid-level SOC analyst? So that would then help us speak to the schools and speak to the educators and say this is more of what we're looking for.... If you look at the pharmaceutical industry, you wouldn't say, oh, there's a pharmaceutical industry skills gap. There would be a skills gap in someone who's doing, maybe biomedical research. Or there's a skills gap in something else. So to paint it with a very, very thick brush, I think the problem with doing that is it doesn't allow us to solve the actual problems. And the problems are many."
—Michael Madon, head of security awareness at Mimecast, on Hacking Humans, 7.18.19.
Seeing and understanding the specific gaps is more important than knowing that there's arguably one big gap.
Conduct secure and anonymous research on the open and dark web.
If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (dean of research and proprietor of the Stormcast podcast) shares tips on ensuring that your vulnerability scans are secure. Our guest is Richard C. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, and coauthor of the new book The Fifth Domain.
XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to simulate, validate and remediate hackers’ path to organizational critical assets.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Johnson Controls exacqVision Server (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 6.7. Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls. Equipment: exacqVision Server. Vulnerability: Unquoted Search Path or Element. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their privileges.
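The advisory above names only the weakness class (an unquoted search path, CWE-428): a Windows service whose ImagePath contains spaces but no surrounding quotes. The check below is an added example, not code from CISA, Johnson Controls or Exacq; it audits a set of service ImagePath values, flags the unquoted-with-spaces case while leaving quoted paths and space-only-in-arguments cases alone, and proposes the quoted form as the fix. The service names and paths are constructed sample data; on a real host the dictionary would be populated from the registry (HKLM\SYSTEM\CurrentControlSet\Services) or from Win32_Service via WMI.

```python
"""Audit Windows service ImagePath values for CWE-428 (Unquoted Search Path or Element).

Added example with constructed data; not the vendor's or CISA's code.
"""
import re
from typing import Dict, List, Optional

# Constructed sample data, not real registry contents: ServiceName -> ImagePath
SAMPLE_IMAGE_PATHS: Dict[str, str] = {
    "GoodQuoted": '"C:\\Program Files\\Vendor\\svc.exe" -run',
    "NoSpaces": "C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "UnquotedWithSpaces": "C:\\Program Files\\Example Vendor\\Server\\exampled.exe -service",
    "SpaceOnlyInArgs": "C:\\svc\\daemon.exe -config C:\\Program Files\\cfg.ini",
    "DriverNoExe": "%SystemRoot%\\system32\\drivers\\example.sys",
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
# Non-greedy matching with the lookahead-style group means a ".exe" inside a
# directory name (e.g. C:\tools.exe\bin\app.exe) is not mistaken for the binary.
_EXE_RE = re.compile(r"^(.*?\.exe)(\s|$)", re.IGNORECASE)


def executable_path(image_path: str) -> Optional[str]:
    """Return the executable portion of an *unquoted* ImagePath.

    Returns None when the path is already quoted (safe) or when no .exe
    can be identified (e.g. kernel drivers), which this check does not cover.
    """
    s = image_path.strip()
    if s.startswith('"'):
        return None
    m = _EXE_RE.match(s)
    return m.group(1) if m else None


def is_unquoted_with_space(image_path: str) -> bool:
    """True when the service binary path is unquoted and contains a space.

    Spaces that appear only in the arguments after the .exe are harmless for
    this weakness, so they are deliberately ignored.
    """
    exe = executable_path(image_path)
    return exe is not None and " " in exe


def suggested_fix(image_path: str) -> str:
    """Return the ImagePath with the executable portion wrapped in quotes."""
    s = image_path.strip()
    exe = executable_path(s)
    if exe is None:
        return s
    return f'"{exe}"{s[len(exe):]}'


def audit(image_paths: Dict[str, str]) -> List[dict]:
    """Return one finding per service whose ImagePath is unquoted and contains a space."""
    findings = []
    for name, path in image_paths.items():
        if is_unquoted_with_space(path):
            findings.append({"service": name, "image_path": path, "fix": suggested_fix(path)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_IMAGE_PATHS):
        print(f"[CWE-428] {f['service']}: {f['image_path']}")
        print(f"          fix: {f['fix']}")
```

Only `UnquotedWithSpaces` is reported; the quoted entry, the path without spaces, the path whose only space sits in the arguments, and the driver without a `.exe` are all left alone. The remediation the vendor ships for this class of bug is exactly the quoted form the `fix` field proposes.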
County responds to cyber scare (The Conway Daily Sun) In the wake of a serious cyberattack on neighboring Strafford County, Carroll County’s IT contractor assured commissioners that Carroll County’s data has been secured but the threats to
Security Patches, Mitigations, and Software Updates
Slack resets user passwords after 2015 data breach (TechCrunch) Slack will reset the passwords of users it believes are affected by a historical data breach that affected the company more than four years ago. In 2015, the company said it was hit by hackers who gained access to its user profile database, including their scrambled passwords. But the hackers inser…
Google will now pay bigger rewards for discovering Chrome security bugs (TechCrunch) Bug hunting can be a lucrative gig. Depending on the company, a serious bug reported through the proper channels can earn whoever found it first tens of thousands of dollars. Google launched a bug bounty program for Chrome in 2010. Today, they’re increasing the maximum rewards for that progra…
Bitdefender 2020 protects against cyberbullying and online predators (BetaNews) What do you perceive as the primary threat to your devices for the year ahead? Most people are now fairly self-aware to be wary of phishing attempts and illegitimate websites, while basic security software will prevent you from accidentally installing malicious software.
We Spend Billions on Information Security, So Why do Companies Continue to get Owned? (Bromium) Back in 2013, General Keith Alexander of US Cyber Command sounded an alarm at a cybersecurity conference, alerting corporations and government agencies of an increased threat of cyberattacks. He called the billions of dollars in intellectual property flowing out of the country “the greatest transfer of wealth in history” and warned that unless we do something, the consequences would only intensify.
Four Questions Organisations Need To Ask After A Cyber Attack (Information Security Buzz) Cyber attacks are inevitable, but it’s how an organisation deals with them that can make or break their business. Have they got all the answers, and do they fully understand the implications? Can they be sure the attack won’t happen again? Swift and comprehensive incident response is a critical step to ensuring the future security of a business …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.