
Daily briefing.

Data associated with about 106 million credit card users and applicants, mostly in the United States and Canada, were exposed in a breach said to have been committed by a Seattle-area woman, Paige A. Thompson, Capital One has disclosed. Ms Thompson was arrested yesterday on a charge of computer fraud and abuse. It's thought she obtained access to the data (held in a cloud) through a misconfigured firewall.

Wind River addressed eleven zero-day flaws in its VxWorks product. A detailed account of the patches and mitigations may be found here. VxWorks is used in over two billion industrial, medical and enterprise devices. Armis Labs, which discovered and disclosed the flaws to Wind River, calls VxWorks "the most widely used operating system you may never have heard of." Six of the zero-days were critical remote code execution flaws, according to Armis Labs' report.

Synology has warned users to protect themselves against a ransomware campaign that's brute-forcing credentials in its Network Attached Storage product. Naked Security reports that Synology isn't the only NAS vendor whose products are affected.

Last week Facebook clapped a stopper over some "coordinated inauthentic activity" in Russia, Ukraine, Thailand, and Honduras.

A self-proclaimed hacker has told the Los Angeles Police Department he's got data on some 2500 police officers and about 17 thousand recruits, according to Information Security Magazine. NBC4 Los Angeles says the police union is very unhappy. The incident remains under investigation.

A High Court ruling in the UK rejects a challenge to the Investigatory Powers Act.

Notes.

Today's issue includes events affecting Canada, China, Honduras, Iran, Syria, Russia, Thailand, Ukraine, United States.

Bring your own context.

If you're studying industrial control systems in a laboratory test bed, it's important to model those systems correctly.

"That's the credibility aspect, and that's one of the things that, in some of the papers that the folks here have written about, is one of the key things that we always try to establish with the apparatus, for example. So whenever we implement, say, an industrial control system for something like a water treatment plant, we always then try and check that with a range of field engineers or other sort of technical roles. So is this actually what would happen in it? And that establishes the credibility of the test bed, and that's an essential part. But what we're really interested in now is making sure that we are doing rigorous experimentation."

—Daniel Prince, senior lecturer in cybersecurity at Lancaster University, on the CyberWire Daily Podcast, 7.26.19.

Construct your material models with care. In this case, credibility can mean reliability, availability, and safety.


In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about the various cities that are piloting aerial surveillance programs. Tamika Smith interviews Noam Cohen from the New Yorker on California’s new law regulating bots.

And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. The latest episode, "Inside malware markets: current trends and competitive forces," takes a look at the way black markets operate like markets. "Regardless of location, legitimacy, or legality, markets of all kinds act in accordance with a prevailing set of forces. Made famous by business management guru Michael Porter, his eponymous Five Forces generally dictate how markets will operate — that includes markets for malware."

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!

Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

LinkedIn Accounts For More Than Half Of Social Media Phishing Emails In Q2 2019, According To KnowBe4 Findings. (IT Security Guru) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, reviewed the results of tens of thousands of simulated phishing tests over the course of Q2 2019 and found that more than 50 percent of those related to social media had “LinkedIn” in the title. With this information, organisations need to …

Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign (KnowBe4)

LAPD Breach Exposes Thousands of Officers (Infosecurity Magazine) Hacker claims to have their hands on details of over 17,000

LAPD Police Officers' Personal Information Stolen in Data Breach (NBC Southern California) A suspected hacker claimed he or she had stolen the personal information of about 2,500 LAPD officers, trainees, and recruits, along with approximately 17,500 police officer applicants, in what may be a...

Capital One Announces Data Security Incident (PR Newswire) Capital One Financial Corporation (NYSE: COF) announced today that...

CapitalOne Discloses Massive Data Breach: 106 Million Impacted (SecurityWeek) Capital One said that a malicious individual was able to exploit a vulnerability in cloud infrastructure used by the company and gain access to sensitive data on more than 100 million customers and credit applicants.

Capital One Says Breach Hit 100 Million Individuals in U.S. (Bloomberg) Seattle woman held in jail on federal charge of computer fraud. Accessed data includes about 140,000 Social Security numbers.

Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One (Ars Technica) Former systems engineer arrested on charges she accessed data in Firewall hack.

Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts (CNBC) Capital One says a data breach exposed personal information of its customers, including Social Security details and bank account numbers.

Capital One’s breach was inevitable, because we did nothing after Equifax (TechCrunch) Another day, another massive data breach. This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the com…

NAS vendors hit by brute force ransomware attacks (Naked Security) Cybercriminals are targeting numerous Network Attached Storage vendors with a new wave of ransomware.

As Real-World Danger Grows, Enterprises Wrestle with BlueKeep (Threatpost) Fears of a WannaCry-level global attack grow as working exploit info starts to go public.

A VxWorks Operating System Bug Exposes 200 Million Critical Devices (Wired) VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.

200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS (Help Net Security) Armis researchers have discovered 11 vulnerabilities (including 6 critical RCE flaws) in Wind River VxWorks, running on over 2 billion embedded devices.

'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks (Threatpost) Researchers have uncovered easy-to-exploit bugs that can impact physical safety, utilities, healthcare devices and more, setting the stage for widespread worm attacks.

Armis Finds 11 Zero-Day Vulnerabilities, Dubbed "URGENT/11," Exposing More than 200 Million Critical Devices using VxWorks' TCP/IP Stack (IPnet) (PR Newswire) Armis, the leading enterprise IoT security company, announced today the discovery of 11 zero-day...

URGENT/11 Information from the Research Team (Armis Labs) Armis found 11 0day vulnerabilities in VxWorks®, a widely used operating system in over 2B devices including industrial, medical and enterprise devices.

Urgent/11 Further Boosts VxWorks Security (Wind River) At Wind River, security is embedded in our DNA. It is part of our rich heritage of nearly 40 years in mission-critical systems. It is built into all the technologies we provide to help our customers develop trusted and reliable solutions. We take security extremely seriously, which is why the recent vulnerabilities discovered within the TCP/IP (IPnet) networking stack, dubbed "Urgent/11," has resulted in the most secure VxWorks to date.

New Android Ransomware Uses SMS Spam to Infect Its Victims (BleepingComputer) A new ransomware family targeting Android devices spreads to other victims by sending text messages containing malicious links to the entire contact list found on already infected targets.

Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds (Forbes) A hack on Visa contactless could let opportunistic crooks drain accounts with a single tap and they don’t even need to steal the credit card. And it may have ramifications for Visa cards across the world.

Flaws Allow Hacker to Bypass Card Limits (Infosecurity Magazine) Researchers bypass the payment limits of Visa contactless cards.

How crooks can cover up crimes by hacking IoT cameras to show fake footage (ZDNet) Researchers detail the risk posed by insecure IoT devices, demonstrating how hackers could hide evidence of a physical break-in from operators of internet-connected cameras.

Removing Coordinated Inauthentic Behavior in Thailand, Russia, Ukraine and Honduras (Facebook Newsroom) We've removed multiple Pages, Groups and accounts for misleading people about who they are and what they're doing.

Russian Fake News Targeted Ukraine Elections (Infosecurity Magazine) Facebook forced to remove over 100 accounts

Fake Version of WhatsApp Giving ‘Free Internet’ (Infosecurity Magazine) A scam impersonating WhatsApp tricks users into spreading the fraudulent app in exchange for free internet.

Your phone is the new political battlefront (Times) According to Dominic Cummings, the new senior adviser to the prime minister, almost nobody in media or politics understands anything about anything. Also according to Cummings there is one great...

Park DuValle health center pays $70,000 ransom for patient records in cyberattack (WDRB) The West Louisville nonprofit that runs medical clinics serving low-income patients has paid hackers nearly $70,000 to unlock the medical records of some 20,000 patients, which have been held hostage

Facebook Connected Her to a Tattooed Soldier in Iraq. Or So She Thought. (New York Times) Renee Holland sent her Facebook friend thousands of dollars. She became entwined in a global fraud that the social network and the United States military appear helpless to stop.

Hackers’ Latest Target: School Districts (New York Times) Schools handle a lot of personal data and may not have strong technology teams, leaving them vulnerable to attacks, experts say.

Vulnerability Summary for the Week of July 22, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

SECURITY VULNERABILITY RESPONSE INFORMATION - TCP/IP Network Stack (IPnet, Urgent/11) (Wind River) Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.

Truecaller pushes software fix after covertly signing up Indians to its payments service (TechCrunch) Truecaller, a service that helps users screen robocalls, has rolled out an update to its app in India, its largest market, after a previous software release covertly signed up an unspecified number of users to its payments service. A number of users in India began to complain late Monday that Truec…

Cyber Trends

Kubernetes adoption, market share, and security trends - get the report · StackRox: Container Security for Docker and Kubernetes (StackRox) Learn about 2019 Kubernetes adoption trends, growth rate and market share, and the security issues that companies are most concerned about

Mobile Threat Report 2019: Trends & Recommendations (CrowdStrike) A new report on the mobile threat landscape offers a deep-dive into the threats that plague mobile devices, and offers recommendations to secure data against them.

2019 CrowdStrike Global Threat Report (CrowdStrike) The 2019 CrowdStrike® Global Threat Report offers one of the industry’s most comprehensive reports on today’s top cyber threats.

Three quarters of gamers suffer hate and harassment online (Naked Security) Trolling, stalking, sexual harassment, and humiliation have become so bad that one in ten respondents had depressive or suicidal thoughts.

Marketplace

Capital One discloses massive data breach; shares down 3% (Seeking Alpha) Roughly 100M U.S. customers and 6M Canadian customers were affected, says the company, but no credit card numbers or login credentials were taken, nor were the vast majority of Social Security numbers. What was breached: About 140K Social Security numbers, 80K linked bank account numbers, and personal information from credit card applications from 2005 until early this year.

Huawei Shows Resilience in the Face of U.S. Blacklisting (Wall Street Journal) The Chinese company said its first-half revenue rose 23% from a year earlier, as the technology giant appeared to shrug off the impact of a U.S. supplier blacklisting.

GitHub confirms it has blocked developers in Iran, Syria and Crimea (TechCrunch) The impact of U.S. trade restrictions is trickling down to the developer community. GitHub, the world’s largest host of source code, is preventing users in Iran, Syria, Crimea and potentially other sanctioned nations from accessing portions of the service, chief executive of the Microsoft-own…

The State of Cybersecurity Hiring (Burning Glass Technologies) The number of cybersecurity job postings has grown 94% since 2013, three times faster than IT jobs overall. But a talent gap persists.

DataGrail Locks-In a total of $9.2M To Accelerate Growth and Meet Anticipated Demand In Advance of Nevada Privacy Law and California's Consumer Privacy Act (CCPA) (PR Newswire) DataGrail, the first purpose-built privacy platform designed to help companies comply with new and emerging...

Trinity Cyber raises $23 million to foil hacking attempts in real time (VentureBeat) Trinity Cyber, a startup that combines threat detection with inference to combat hackers, emerged from stealth with $23 million in capital.

Trump's Cyber Czar Is Back—and He Wants to Make Hackers Suffer (WIRED) Former White House top cybersecurity official Tom Bossert reveals his new startup, Trinity. Its focus: "active threat inference."

Techstars nabs $42M to expand its global presence (TechCrunch) SVB Financial Group, the holding company of Silicon Valley Bank, invests in Techstars.

Encrypted Data Prevails in Shark Tank (SIGNAL Magazine) The latest shark tank winner is a company that simplifies encryption methods to secure entire networks of data.

Facebook warns over Libra plans (Seeking Alpha) A number of factors could prevent Facebook's (NASDAQ:FB) cryptocurrency from seeing the light of day, the tech giant reminded investors in its latest quarterly report.

Chairman Re-elected as SIMalliance Supports SIM Evolution to Optimise Device Connectivity and Security in new 5G and IoT Landscapes (SIMalliance) Remy Cricco (IDEMIA) has been re-elected to serve a third term as the Chairman of SIMalliance, the non-profit global SIM industry association which advocates the protection of sensitive connected and mobile services using a tamper-resistant secure hardware component.

Products, Services, and Solutions

BorderHawk Cybersecurity Launches Data Security Services For Small Bus (PRWeb) BorderHawk CyberSecurity today launched an innovative outsourced data security service for small and medium-sized businesses to help prepare them for inevi

LoginRadius Advances Authentication with ‘Sign In with Apple’ Integration (EIN News) New authentication method gives customers more privacy, security, and versatility than ever before.

Fugue and New Light Technologies Partner to Better Secure the Public Cloud (Fugue) New Light Technologies Inc. (NLT) announces a strategic partnership with Fugue to deliver public cloud configuration, drift detection, active drift enforcement (e.g., self-healing infrastructure), and security control gap analysis for NLT’s Amazon Web Services (AWS) and Microsoft Azure clientele.

Teltonika Cooperates with NanoLock Security for Powerful Router Cyber Defense (PR Newswire) NanoLock Security, the industry's only cloud-to-flash, powerful security and...

Google teams up with VMware to bring more enterprises to its cloud (TechCrunch) Google today announced a new partnership with VMware that will make it easier for enterprises to run their VMware workloads on Google Cloud. Specifically, Google Cloud will now support VMware Cloud Foundation, the company’s system for deploying and running hybrid clouds. The solution was deve…

Blockchain (the company) launches an exchange (The Pit) (TechCrunch) The company called Blockchain is mostly known for its cryptocurrency wallet. Today, the company is also launching an exchange so that you can buy and sell cryptocurrencies without going through a third-party exchange. The company’s exchange is called The Pit and is focused on mainstream adoption an…

Technologies, Techniques, and Standards

Avoid Paying Millions in Fines; Take Steps to Secure Customer Data Now: OTRS Group shares expert advice on how to protect your customers. (PR Distribution) On Monday, the Federal Trade Commission settled with Equifax for up to $700 million as a result of a data breach that occurred back in 2017 when Equifax failed to properly secure their network. The records of nearly 150 million people were compromised at the time.

How to increase the efficiency of your risk and compliance management strategy (Help Net Security) Infiniti has announced the completion of their recent article on how to increase the efficiency of your risk and compliance management strategy.

Who Needs Data Center Security? Everyone (Infosecurity Magazine) Data is essential to running a business today

Cloud adoption and security are not mutually exclusive (Help Net Security) The shift to the cloud has dramatically reduced the time organizations are willing to devote to security as part of the development process.

Hunting Threats on Twitter: How Social Media can be Used to Gather Actionable Threat Intelligence (Trend Micro) Social media is a content-rich platform many enterprises use, but how can InfoSec professionals and security teams use it to gather threat intelligence that they can use to protect their organizations?

Design and Innovation

IT security specialists need to look at IoT security in buildings in a completely different way, says Cundall director Chris Grundy (Computing) The construction industry still hasn't got to grips with the IT security challenges of IoT devices embedded in buildings

Facebook fact-checker: fake news is very bad for your health (Times) If you’re having a heart attack, cough vigorously. Pregnant? Avoid some bath products. And if you’ve been stabbed, stem the blood with a tampon. These dubious pieces of health advice are among...

Staying Ahead of the Game: Cyber Wisdom is Rooted in Preparation (Infosecurity Magazine) We in IT are often guilty of conflating information with wisdom

Academia

Cyber-Guild™ Announces Golden Ticket (PR Newswire) To promote cyber security skills, knowledge, and engagement of entire communities Cyber-Guild, a pillar...

Legislation, Policy, and Regulation

American Tech Shudders as China Cyber Rules Are Expected to Get Tougher (WSJ) U.S. businesses view proposed cybersecurity rules as new barriers to the Chinese market and they loom as a potential sticking point in coming trade talks.

Hong Kong protesters block trains as Beijing blames West (Times) China has blamed western powers for the protests in Hong Kong but has placed responsibility for dealing with the pro-democracy protests firmly on the shoulders of Carrie Lam, the chief executive.

Beijing Is Weaponizing Nationalism Against Hong Kongers (Foreign Policy) Hong Kong’s unique identity threatens Xi Jinping’s rhetoric of greatness.

How the West Got China's Social Credit System Wrong (WIRED) It occupies a spot next to 'Black Mirror' and Big Brother in popular imagination, but China’s social credit project is far more complicated than a single, all-powerful numerical score.

Justice Department Fills Fraud Section Post Long in Limbo (Wall Street Journal) Robert Zink was one of two prosecutors to occupy the position on an interim basis after the section’s former chief, Andrew Weissmann, joined special counsel Robert Mueller’s team in 2017 to investigate Russian interference in the 2016 presidential election.

Doubts emerge about Trump pick for US intelligence chief (Federal Times) Rep. John Ratcliffe’s dearth of relevant experience may especially matter at a time when current and former government officials expect Russia to interfere in the 2020 presidential election.

Litigation, Investigation, and Law Enforcement

Privacy group asks court to reconsider FTC’s $5 billion Facebook deal (Ars Technica) The settlement does nothing to address the underlying issues, EPIC says.

UK High Court rejects human rights challenge to bulk snooping powers (TechCrunch) Civil liberties campaign group Liberty has lost its latest challenge to controversial U.K. surveillance powers that allow state agencies to intercept and retain data in bulk. The challenge fixed on the presence of so-called “bulk” powers in the 2016 Investigatory Powers Act (IPA): A con…

Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company (U.S. Attorney’s Office Western District of Washington) A former Seattle technology company software engineer was arrested today on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data of Capital One Financial Corporation, announced U.S. Attorney Brian T. Moran.

United States of America, Plaintiff, v. Paige A. Thompson, a.k.a. "erratic," Defendant (United States District Court for the Western District of Washington) Before, the Honorable Mary Alice Theiler, United States Magistrate Judge, United States Courthouse, 700 Stewart Street, Seattle, Washington. Count One (Computer Fraud and Abuse)...

Capital One Reports Data Breach Affecting 100 Million Customers, Applicants (Wall Street Journal) Capital One said a hacker accessed the personal information for roughly 106 million credit card customers and applicants, one of the largest data breaches of a big bank.

Capital One says data breach affected 100 million credit card applications (Washington Post) A suspect, Paige A. Thompson, was arrested Monday and charged with computer fraud.

Two men arrested for allegedly attempting to join ISIS: ‘I want to be the beheading person’ (Washington Examiner) Two men who came to the U.S. from Somalia as refugees were arrested after attempting to fly from Arizona to Egypt, allegedly with the intention of joining the Islamic State.

Watchdog Uncovers Cyber Gaps at Radioactive Waste Facility (Nextgov.com) The Energy Department failed to secure the site in line with federal cyber standards.

MoD Data and Device Losses Soar 300% (Infosecurity Magazine) Ministry in the dock for poor security

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...

Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

IT & Cyber Day at Aberdeen Proving Ground (Aberdeen, Maryland, USA, August 1, 2019) Aberdeen Proving Grounds (APG) provides technology life cycle management for the US Army and the various commands involved in the fielding and closeout of their technologies. The Cyber and IT Day expo...

Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
