July 29, 2019.
By the CyberWire staff
Forbes reports attempts by the GRU to compromise ProtonMail accounts belonging to journalists investigating Russian security and intelligence services. Bellingcat says it was among the targets. ProtonMail says the attacks were blocked.
KrebsOnSecurity calls it "the unsexy threat to election security," but argues that securing email and social media accounts of election officials shouldn't be overlooked. A civil grand jury in San Mateo County, California (part of Silicon Valley) warned that hijacked or spoofed accounts could be used to suppress voting by distributing misinformation about polling, or could be used to excite conflict with false reports of results.
Researchers at Sucuri have found a Magecart card-skimming script in faked Google domains, BleepingComputer says. The skimmer supports theft on several payment gateways.
Palo Alto Networks' Unit 42 reports that MyDoom, the old worm that surfaced in 2004, is still out and actively used in phishing campaigns. Its persistence is due in part to its self-sufficiency, as ZDNet notes.
TechCrunch and others report that Marcus Hutchins, the accidental hero of WannaCry and the deliberate villain of the Kronos banking Trojan, has been sentenced to time served and a year of supervised release for charges related to developing and selling Kronos. The presiding judge cited Hutchins's youth and apparent reform when he passed sentence.
The US Coast Guard last week released further details on a cyberattack that hit a large merchant vessel inbound for the Port of New York and New Jersey. The Wall Street Journal says the malware involved was an Emotet variant.
Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, India, New Zealand, Russia, United Kingdom, United States, and Venezuela.
Bring your own context.
How might any organization bring threat intelligence into their way of doing business?
"I think it first starts with understanding what the threat landscape is. But what I actually mean is there's a difference between a perceived threat and an actual threat. If you have a better understanding of, say, the criminal communities or the types of people that target your business, that's always a really good starting point. So it starts out with building kind of an intelligence function into your security organization. From a tech standpoint, it's first establishing how you're going to gain visibility not only into your organization but outside of your organization and then instrumenting the proper security layers. And then it's a matter of really finding the right kinds of talent that understand the criminal world, more or less. So it starts with building out the proper tech, staffing appropriately and then building out your data pipelines."
—Eric Murphy, vice president of security research at SpyCloud, on the CyberWire Daily Podcast, 7.25.19.
That is, know the friendly situation and the enemy situation.
XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.
Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!
Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Bellingcat journalists targeted by failed phishing attempt (TechCrunch) Investigative news site Bellingcat has confirmed several of its staff were targeted by an attempted phishing attack on their ProtonMail accounts, which the journalists and the email provider say failed. “Yet again, Bellingcat finds itself targeted by cyber attacks, almost certainly linked to …
Statement on the attempted phishing attack against Bellingcat (ProtonMail Blog) Earlier this week, investigative journalists at Bellingcat were targeted by a sophisticated phishing attack. As there has been some incorrect reporting about the incident, we are releasing a statement to provide clarification. On July 24, investigative journalists at Bellingcat, which utilize ProtonMail to secure their communications, were targeted by a sophisticated phishing attack that attempted …
The Unsexy Threat to Election Security (KrebsOnSecurity) Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.
Notorious MyDoom Worm Still on AutoPilot After 15 Years (BleepingComputer) The notorious Mydoom email worm, considered to be one of the most damaging malware strains ever developed, is still doing rounds on the Internet, working on autopilot and actively targeting email users all over the world.
Exposed password gave hacker access to Comodo internal files (TechCrunch) A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet. The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email…
Hey Siri, why are humans reviewing our voice files? (iMore) Digital assistants like Alexa, Google, and Siri use humans to help train them. This has been going on since the beginning but it's only hit the mainstream media and consciousness this year. So, what's going on?
Hey, Siri, I’d like you to leave me alone now (Times) Within three years there will be as many virtual-assistant “bots” on earth as people, the industry predicts. As artificial intelligence is skilfully honed, their slavish behaviour becomes a global...
Wayne County, Ohio, Agencies Hit by Recent Cyberattacks (Government Technology) The Wayne County, Ohio, Commissioners and the Wayne County Board of Developmental Disabilities both fell victim to separate ransomware attacks earlier this month, leaving officials to deal with the aftermath.
Springhill Medical Center's cyber attack (FOX10 News) Springhill Medical Center still recovering after a cyber attack. Mobile Police confirming an ongoing investigation after the hospital was hit with ransomware.
Check Point Going Nowhere Fast (Seeking Alpha) Revenue and margins were basically on target, but minimal billing growth is going to revive chatter about whether Check Point's revenue is going to decelerate further.
WatchGuard updates ThreatSync platform for MSPs (Security Brief) “These new ThreatSync capabilities arm managed service providers with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers.
New York authorities test their defenses against cyber attacks (KTVQ.com) Two days after Louisiana officials declared a state of emergency following a massive cyber attack, authorities from New York conducted a “digital fire drill” to see how critical infrastructure would hold up during a security breach. The tabletop exercise, hosted by IBM at its training facility in Boston on Friday, puts leaders from law enforcement, …
Using Threat Trends to Protect Network Resources (SecurityWeek) Analyzing threat trends – especially those collected from live production environments – can provide security teams with insights into how to better protect their organizations from the latest cyber threats.
Sustained Action Needed to Protect Canada in Cyberspace (NetNewsLedger) Size apparently does not always matter in cyberspace, but the lack of cybersecurity always will. Such is the case with Canada, ranked just 38th in the world in population but, as of mid-2018, recorded the third most cyber incidents in the world, according to a 2018 report. As alarming as what we know about cyber …
Has World War 3 already begun? The NSA may know something (American Thinker) This week, the National Security Agency (NSA) made a major announcement regarding America's plan to combat international threats in the midst of an ongoing and seemingly never-ending series of cyber-skirmishes.
Dan Coats Spoke Truth to Trump. Now He’s Out. (The Atlantic) The director of national intelligence won plaudits for plainly laying out the intelligence community’s assessments on issues ranging from Iran to Russia, putting him at odds with the president.
Cyberspace would be more complex in near future: Adv Skandan (The Kashmir Monitor) A two-day workshop for Judicial Officers, Investigators, Prosecutors, Law Officers and Officers from Anti-Corruption Bureau on ‘Cyber-Laws including Cyber-Crimes, Cyber-Forensics and Cyber-Security’ commenced today at Jammu and Kashmir State Judicial Academy (JKSJA), Mominabad. The workshop is being jointly organized by J&K e-Governance Agency (J&KeGA) and J&K Information Technology Department in collaboration with […]
Coast Guard Details February Cyberattack on Ship (Wall Street Journal) The cyberattack on a merchant vessel that prompted a U.S. Coast Guard warning this month was due to an infection with the Emotet malware, which has been particularly effective in attacking government and corporate networks.
‘WannaCry hero’ sentenced for selling Kronos malware (TechCrunch) Marcus Hutchins, the malware researcher who became known as an “accidental hero” for stopping the WannaCry ransomware attack in 2017, has been sentenced to supervised release for one year on charges of making and selling the Kronos banking malware. Presiding Judge J. P. Stadtmueller des…
Cyber Expert Dodges Prison Time in Banking Malware Scheme (Courthouse News) Weighing his prior crimes against his help in stopping a global computer virus two years ago, a federal judge on Friday sentenced a world-famous British cybersecurity expert to time served and a year of supervised release for his role in a major malware scheme.
The Facebook vigilantes who hunt pedophiles (Quartz) "Pedophile hunting" via Facebook is a contemporary version of public punishment, but it's also a messy amalgam of influences ranging from reality TV to tabloid culture.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyberForce (College Park, Maryland, USA, November 7, 2019) A gathering of government and industry to bridge the managerial, operational, and technical skills gap of today's cybersecurity workforce. Attendees enjoy panels and presentations that address the themes...
Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
IT & Cyber Day at Aberdeen Proving Ground (Aberdeen, Maryland, USA, August 1, 2019) Aberdeen Proving Grounds (APG) provides technology life cycle management for the US Army and the various commands involved in the fielding and closeout of their technologies. The Cyber and IT Day expo...
Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...