June 3, 2019.
By the CyberWire staff
Google’s cloud suffered worldwide outages yesterday. Now fixed, they seem to have been more nuisance than disaster ("network congestion" is cited as the cause). But TechCrunch points out that the incident suggests the cloud may not be as reliable as users typically assume.
Trend Micro describes "BlackSquid," a criminal campaign distributing the XMRig miner. For now the campaign is after Monero cryptocurrency, but there's no reason to think its approach can't (and won't) be used to drop other payloads in the near future.
"All the good things come to an end." The criminal proprietors of GandCrab ransomware say they’ve made enough money ($2.5 billion, if they’re to be believed, BleepingComputer reports) and that they plan to call it a day and retire at the end of June to enjoy a "well-deserved retirement," and advise hold-out victims to pay up soon. They add, "We have proven that by doing evil deeds, retribution does not come." GandCrab appeared in January 2018 and quickly became a black market leader.
NSA denied, in discussions with Maryland Representative Ruppersberger, that the agency’s tools had anything to do with the Baltimore ransomware attack. In particular, NSA said it had no evidence the EternalBlue vulnerability played a role in the incident. Some have read this as a non-denial denial (see examples in the Washington Post), but the general sentiment seems to be that Baltimore is less sinned against than sinning.
The US Justice Department has begun preparing an anti-trust case against Google, the Wall Street Journal reports.
Today's issue includes events affecting Australia, Canada, Chile, China, Egypt, Germany, Ireland, North Macedonia, Russia, Singapore, South Africa, United Kingdom, United States, and Venezuela.
Bring your own context.
Microsoft has been reminding people to patch for the BlueKeep Remote Desktop Protocol vulnerability. But an awful lot of machines remain unpatched.
"It's just about as bad as it gets, and it's affecting a tremendous amount of Windows machines on the Internet just because it covers so many versions. And unfortunately, much like SMB, while it should really never be exposed to the Internet, it very, very often is, even in organizations that you would hope know better."
—Craig Williams, director of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 05.30.19.
So do take it seriously. As Williams added, "deploy some protections."
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
‘I was a Macedonian fake news writer’ (BBC) In North Macedonia, there’s a small industry of websites publishing misleading and inflammatory political articles targeted at US readers. Simon Oxenham meets a woman who worked there.
Realtek SDK Exploits on the Rise from Egypt (NETSCOUT) ASERT’s IoT honeypot network continuously monitors known exploit vectors and we recently detected a spike in exploit attempts targeting the Realtek SDK miniigd SOAP vulnerability in consumer-based routers from the end of April 2019 until the first half of May 2019.
Microsoft Azure Being Used to Host Malware and C2 Servers (BleepingComputer) Microsoft's Azure cloud services have become an attractive option for cybercriminals to store malicious content. From phishing templates to malware and command and control services, it seems that crooks found a new place for them.
Ransomware isn’t just a big city problem (Malwarebytes Labs) The city of Baltimore has experienced a very public ransomware attack. But in a season of increasing ransomware detections among organizations, they're not alone. See which cities have been most impacted by ransomware and what organizations can do to develop resilience against attacks.
Tripwire 2019 Vulnerability Management Survey (Tripwire) Unpatched vulnerabilities remain the root cause of today’s most serious data breaches. To understand how organizations are addressing vulnerabilities today, in May 2019, Tripwire partnered with Dimensional Research to survey 340 infosecurity professionals on vulnerability management trends.
5G Security Challenges: A Vendor’s POV (Threatpost) How will 5G vendors deal with the issues of security? Nokia's head of end-to-end security solutions discusses during the GSMA Mobile 360 conference.
IoT Cyber Attacks Percentages are Insanely High (Digital Overload) A new piece of research has revealed that cyber attacks are happening more often and are more numerous than ever before. As the endorsement of Internet of Things (IoT) devices...
Science publisher IEEE lifts ban on Huawei reviewers (TechCrunch) After a temporary ban, the Institute of Electrical and Electronics Engineers, commonly known as the IEEE, announced on Monday it has lifted curbs on editors and peer-reviewers that work for Huawei and the Chinese firm’s affiliates. The reversal is yet another example of the regulatory murkine…
Fluree grabs $4.7M seed round to build blockchain-based database (TechCrunch) Fluree, a North Carolina startup that wants to bring the immutability of blockchain to the database, announced a $4.7 million seed round today led by 4490 Ventures with participation from Revolution’s Rise of the Rest Seed Fund. As CEO and co-founder Brian Platz explains, the database combines b…
Three major Irish banks pilot Deloitte blockchain solution (FinTech) Three major banks in Ireland are using blockchain to verify staff credentials in a drive for security and compliance. The Bank of Ireland, AIB and Ulster Bank are using Deloitte’s blockchain solution for a pilot initiative, it has been revealed. The solution, which uses Ethereum and was built by Deloitte’s Blockchain Lab in Dublin, verifies and tracks staff credentials and qualifications data.
Cyber Militia Innovation Meets Mission Needs (SIGNAL Magazine) National Guard members conducting cyber ops found themselves poorly equipped, so they banded together and built the system they needed on a shoestring budget.
UWF showcases cybersecurity initiatives on international stage at NATO cyber defence conference (University of West Florida Newsroom) Breaking barriers as the first U.S. academic institution to participate in the NATO Cyber Defence project, the University of West Florida showcased its cybersecurity initiatives this month on the international stage at the 5th NATO Cyber Defence Smart Defence Projects Conference. Dr. Eman El-Sheikh, UWF Center for Cybersecurity director, presented both at the conference and the …
Tech Companies & Security Experts Pan Encryption Backdoor Proposal (Digital Trends) Tech companies, civil rights groups, and security experts have released an open letter condemning the U.K. security agency GCHQ's proposal to circumvent encryption on private messages. The proposal suggested that encrypted messages should be copied and sent to law enforcement agencies.
China Threatens To Blacklist U.S. Firms Refusing To Supply Huawei (Forbes) China has announced its own "non-reliable entity list" in retaliation for U.S. sanctions against Huawei which have hit the Chinese manufacturing giant hard. The move is intended to even the playing field ahead of trade talks and makes Huawei concessions more likely.
IG: DHS needs more election tech help, IT patching (FCW) The Department of Homeland Security needs additional IT workers to help it assist state and local election officials, as well as patch its internal systems, the agency's IG said in a semi-annual report to Congress.
Ruppersberger: EternalBlue Not a Factor in Recent Baltimore Ransomware Attack (Congressman C.A. Dutch Ruppersberger) Congressman C.A. Dutch Ruppersberger (D-MD) on Friday met with senior leaders of the National Security Agency, located in his district, to discuss recent malicious cyber attacks throughout the country, including the City of Baltimore. He issued the following statement:
Alleged LinkedIn hacker Yevgeniy Nikulin will stand trial in U.S. court, despite mental illness symptoms (CyberScoop) Yevgeniy Nikulin is headed back to court. The Russian accused of hacking a number of sites, including LinkedIn and Dropbox, was ruled fit to stand trial in a May 29 decision by U.S. District Judge William Alsup. Nikulin previously was ordered to undergo a psychiatric evaluation for refusing to communicate with his attorneys about his case, despite an ability to communicate about other topics without difficulty. Government attorneys previously argued “there is no comparison to the present case, where the defendant has stated that he has no complaint regarding his representation, but chooses not to discuss the proceedings with his counsel.” The defense has argued that Nikulin suffers from post-traumatic stress disorder related to his brother’s suicide and an abusive father, and that he has exhibited irrational behavior. Now, Alsup has ruled that the case against Nikulin will move forward. In his decision, the judge said Nikulin’s refusal to participate …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld New York (New York, New York, USA, September 25, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld Dallas (Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, October 16, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld Denver (Denver, Colorado, USA, October 29 - 30, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
SecureWorld Seattle (Seattle, Washington, USA, November 13 - 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
San Diego Cyber Security Conference (San Diego, California, USA, June 5, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. In San Diego the keynote will be delivered by Darin Andersen, CEO/ Founder NXT Robotics,...
Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...