What are the best practices and tools for SecOps in 2019?
Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.
July 24, 2019.
By the CyberWire staff
The FTC this morning announced the final details of its settlement with Facebook. Reuters reports that Facebook will, in addition to its financial penalties, be required to establish a board-level privacy committee. CEO Zuckerberg will be expected to certify, quarterly, that the company is properly safeguarding user privacy.
The complaint accompanying the settlement asserts that Facebook misled users about use of their data, insecurely implemented two-factor authentication, and failed to properly inform users about the access third-party apps had to "friends'" data. The Washington Post headline calls the penalties "stunning," but this is a minority view, undercut by the article itself, which recounts the ways in which Facebook arguably got off lightly.
Digital Revolution has named the hackers, "0V1ru$," who gave them the FSB documents now posted online. The files are said to come from SyTech, a Moscow contractor working for Unit 71330, an FSB shop that Naked Security says does signals intelligence.
BlueKeep exploitation grew likelier with publication of a guide to weaponizing the vulnerability. Ars Technica says the explainer appears associated with Tencent KeenLab. It's been posted as a slide deck to GitHub.
The US National Security Agency is creating a new directorate for cybersecurity. The Wall Street Journal reports that the new organization will become operational on October 1st. It will be led by Anne Neuberger, formerly NSA's Chief Risk Officer. The directorate is said to represent a closer coupling of defensive and offensive capabilities.
The US Justice Department is opening an anti-trust investigation into Big Tech.
Today's issue includes events affecting Bulgaria, China, Czech Republic, European Union, Iran, Italy, Democratic Peoples Republic of Korea, Romania, Russia, Turkey, United Kingdom, United States.
Bring your own context.
What good does the Sec in DevSecOps do, once the software is in production?
"Let's say you're doing a penetration test at the end of the application lifecycle. A lot of times, you're just scanning for known vulnerabilities. And I tell you what, when a hacker is trying to break into your system, they're not just scanning for known vulnerabilities, at least not the good ones who are trying to get into your system. And so what we're starting to do is add in tools that help build in security checks as you build and ship software. And a lot of that's actually about security testing."
—David Brumley, co-founder and CEO of ForAllSecure and a professor at Carnegie Mellon University, on the CyberWire Daily Podcast, 7.22.19.
If the process works as intended, the software that emerges is not only more secure, but it's more reliable as well.
With LookingGlass, it’s Game Over For Threat Actors
There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, its “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour discusses security awareness training. Our guest is Emily Wilson from Terbium Labs, who speaks with us about the Federal Trade Commission’s investigation into complaints over YouTube’s improper collection of kids' online data.
XM Cyber is coming to Black Hat(Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.
Codenomicon August 6 Skyfall Lounge Las Vegas(Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Attacks, Threats, and Vulnerabilities
FSB hackers drop files online(Naked Security) A hacking group that distributed files stolen from a Russian contractor to the media last week has published some of the documents online.
APT34 spread malware via LinkedIn invites(SC Media) FireEye researchers identified a phishing campaign conducted by APT34 masquerading as a member of Cambridge University to gain their victim's trust to open malicious documents.
Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways - Cofense(Cofense) The Cofense Phishing Defense Center has observed a wave of phishing attacks that utilize the legitimate file hosting site WeTransfer to deliver malicious URLs to bypass email gateways. The attacks span major industries like banking, power, and media. Here’s how they work. Email Body: The email body is a genuine notification from WeTransfer which informs the victim that a file has been shared with them. The attackers utilise what appears to be compromised email accounts to send a genuine link to a WeTransfer hosted file. As these are legitimate links from WeTransfer, this allows them to travel...
GE Aestiva and Aespire Anesthesia (Update A)(CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: Aestiva and Aespire Anesthesia
Vulnerability: Improper Authentication
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE Aestiva and Aespire Anesthesia published July 9, 2019, on the ICS webpage on us-cert.gov.
NREL EnergyPlus(CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Low skill level to exploit
Vendor: National Renewable Energy Laboratory (NREL)
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Mitsubishi Electric FR Configurator2(CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: Mitsubishi Electric FR Configurator2
Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may enable arbitrary files to be read or cause a denial-of-service condition.
Emotet: A Technical Analysis of the Destructive, Polymorphic Malware(Bromium) Emotet is a modular loader that was first identified in the wild in 2014. Originally Emotet was a banking Trojan designed to steal financial information from online banking sessions through man-in-the browser (MITB) attacks, but since 2017 it has been observed distributing other malware families, such as IcedID, Zeus Panda and TrickBot. The malware has been actively developed, with each new version changing or extending its capabilities.
Comodo Antivirus Multiple Vulnerabilities(Tenable®) Multiple vulnerabilities were discovered in Comodo Antivirus / Comodo Antivirus Advanced. The following vulnerabilities were verified to be present in version 184.108.40.20610 of Comodo Antivirus, except CVE-2019-3973, which only affects versions up to 220.127.116.1182.
Flaws in widely used corporate VPNs put company secrets at risk(TechCrunch) Researchers have found several security flaws in popular corporate VPNs which they say can be used to silently break into company networks and steal business secrets. Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, sai…
Authentic8 aims to protect DoD with secure browser(Intelligence Online) Californian start-up Authentic8 is looking to establish itself as the Pentagon main supplier of isolated web browser, as part of the security overhaul led by the Defense Information Systems Agency
Overcoming the Dangers of Virtual Private Networks(DH2i) Most consumers regard Virtual Private Networks (VPNs) as a credible means of securing their data transmissions and overall privacy. Few realize VPNs were initially designed to provide these benefits for on-premise settings, offering only limited efficacy on the assortment of mobile, hybrid cloud, and multi-cloud technologies commonly used today. In fact, in these environments it’s Read More...
Report: CFPB should assess risks to cloud systems before their deployment(FedScoop) The Consumer Financial Protection Bureau hasn’t comprehensively assessed risks prior to deploying new cloud systems, according to a recent report. As a result, CFPB hasn’t issued a Federal Risk and Authorization Management Program provisional authority to operate (P-ATO) for a cloud system supporting its Consumer Response Call Center. The system itself wasn’t identified in the Federal …
DHS Announces $10.5M Funding Opportunity to Establish MBA in Security Technology Transition(Newswise) DHS is seeking proposals from accredited U.S. universities to educate and build the capabilities of DHS employees. The DHS S&T today announced a $10.5 million funding opportunity for a new DHS Center of Excellence (COE) to develop an Executive Master of Business Administration (EMBA) program focused on security technology transition from federal research and development to operational use.
NSA Forms Cybersecurity Directorate Under More Assertive U.S. Effort(Wall Street Journal) The National Security Agency will create a cybersecurity directorate later this year as part of an effort to align the agency’s offensive and defensive operations more closely, as it aims at “persistent engagement” in cyberspace against foreign adversaries like Russia, China and Iran.
NSA creates new cybersecurity arm to combat foreign threats (CNN) The National Security Agency announced Tuesday it is creating a new Cybersecurity Directorate, which will "unify NSA's foreign intelligence and cyberdefense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base."
The challenge (and benefit) to a more open intelligence community(C4ISRNET) Principal Deputy Director of National Intelligence Sue Gordon says that as foreign powers increasingly target the private sector and general public, the intelligence community needs to be more open and share more information publicly. That could be a net positive for business relations.
Justice Department Reviewing the Practices of Market-Leading Online Platforms(US Department of Justice) The Department’s review will consider the widespread concerns that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online. The Department’s Antitrust Division is conferring with and seeking information from the public, including industry participants who have direct insight into competition in online platforms, as well as others.
IRS missing basic IT security measures(Fifth Domain) The federal government's watchdog recommends the Internal Revenue Service implement over 100 old and new recommendations to address a significant deficiency in the agency's control over its reporting systems.
3 Romanian men sentenced for hacking US servers(Washington Post) Federal prosecutors in Georgia say three men who hacked U.S. computers from Romania have been sentenced to U.S. federal prison for a fraud scheme totaling more than $21 million
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity Summit, New York(New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference(Gaitlinsburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019(Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS)(Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference(New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.