June 5, 2019.
By the CyberWire staff
Cisco's Talos group describes a threat campaign they're calling "Frankenstein," because the hoods behind it stitched their effort together from a bunch of disparate open-source tools. Active between January and April of this year, Frankenstein's operators gained entrance into their targets by phishing with Trojanized documents.
ZDNet says Hollywood's lying to us. In the movies, the hacker scowls, taps vigorously at the keyboard, and says "I'm in!" Bitdefender's look at the Carbanak gang reveals, instead, months of preparation before the crooks hit the bank.
CyberScoop reports that a second member of Congress, Maryland Senator Van Hollen, has joined his House colleague, Representative Ruppersberger, to announce that the Government is confident EternalBlue wasn't involved in the Baltimore ransomware attack.
Huawei's chairman Liang Hua accused the US of "acting inappropriately" toward his company, NPR reports, but then proffered a dove with an olive branch: the same kind of no-spy deal Shenzhen has dangled before Germany and the UK. This dove seems unlikely to fly in Washington, given Huawei's reputation with respect to non-disclosure agreements and partners' IP.
Don't believe Microsoft about the importance of patching legacy versions of Windows against the BlueKeep RDP vulnerability? Maybe you'll believe NSA's Central Security Service? They think you should patch, too.
Crescat noticia, vita non excolatur: University of Chicago Medicine has apparently left data of almost 1.7 million donors and prospective donors exposed online, Security Discovery says. The University secured the database and thanked the discoverer for the tip.
Today's issue includes events affecting Australia, Iran, and the United States.
Bring your own context.
We like it, but is it art?
"Mr. Guo first achieved some éclat in the art world through a performance piece in 2017 in which he rode a Segway around Brooklyn while leading or being led by a hipster on a leash. We looked up images of the work, called "Hipster on a Leash," and we're sorry to report that, for one, the hipster hardly seems to qualify as a hipster because his shorts, sunglasses and short-sleeved shirt look a lot more like routine New York tourist apparel. So we're reluctantly calling BS on the whole hipster thing, which is dragsville if hipsters actually even exist."
—The CyberWire, meditating on art in a Tolstoian mood, in the Daily Podcast for 06.03.19.
The work that followed "Hipster on a Leash" is, of course, "The Persistence of Chaos," a steal at $1.3 million. You lookin' for chaos? We got some persisting right downtown in Baltimore, hon, but it's not for cheap.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking, which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Cyber Attacks, Threats, and Vulnerabilities
iOS app developers taking shortcuts on security (Wandera) Despite developers having a mandate from Apple to build end-to-end encryption into their apps, a high number of apps do not. Apple even offers a feature that helps developers comply with data privacy requirements, and our data shows that this isn't being used properly. To understand how app develope
Attackers Stitch Together Frankenstein Campaign Using Free Tools (BleepingComputer) Threat actors behind a highly-targeted series of cyber attacks spanning from January to April 2019 have been seen employing malicious tools built using freely available components to infect victims with malware designed to harvest credentials.
An APT Blueprint: Gaining New Visibility into Financial Threats (Bitdefender Labs) This new Bitdefender forensic investigation reveals a complete attack timeline and behavior of a notorious financial cybercriminal group, known as Carbanak. In mid-2018, Bitdefender researchers investigated a targeted attack on an Eastern European financial... #bitdefenderresearch #Carbanak #cobalt
Top Australian University Reports Vast, 'Sophisticated' Hack (SecurityWeek) A top Australian university with close ties to the country's government and security services on Tuesday said it had been the victim of a vast hack by a "sophisticated operator" who gained access to 19 years of sensitive data.
Geutebrück G-Cam and G-Code (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 7.2. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Geutebrück. Equipment: G-Cam and G-Code. Vulnerabilities: Cross-site Scripting, OS Command Injection. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator.
PHOENIX CONTACT FL NAT SMx (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 8.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Phoenix Contact. Equipment: FL NAT SMx. Vulnerability: Improper Access Control. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow unauthorized users full access to the device configuration.
PHOENIX CONTACT PLCNext AXC F 2152 (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 7.6. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Phoenix Contact. Equipment: PLCNext AXC F 2152. Vulnerabilities: Key Management Errors, Improper Access Control, Man-in-the-Middle, Using Component with Known Vulnerabilities. 2.
Cost of Baltimore ransomware attack so far: $18 million (Maryland Daily Record) Sheryl Goldstein Nearly a month after a ransomware attack crippled Baltimore government computer systems, only about 35% of city employees' access is restored and the invasion has cost the city roughly $18 million. The city's technology department created a "safe environment" to start bringing systems back online, said Sheryl Goldstein, the mayor's deputy chief of staff for operations, who is overseeing the recovery. It's hoped that 90% of Baltimore's 10,000 employees will have access to the city's network by the end of the week.
Sen. Van Hollen: Government sees no EternalBlue in Baltimore ransomware attack (CyberScoop) A second lawmaker from Maryland now says it doesn’t appear that the ransomware attack in Baltimore relied on a stolen National Security Agency exploit, EternalBlue. “It’s the federal government’s view that EternalBlue was not involved in the ransomware attack in Baltimore City,” Democratic Sen. Chris Van Hollen told CyberScoop on Monday following a briefing on Capitol Hill from NSA officials.
A Password Cracking Dictionary Found Online (Information Security Buzz) A big password cracking dictionary (1,493,677,782 words, 15GB) with every wordlist, dictionary, and password database leak found on the internet. Expert Comments: Jake Moore, Security Specialist at ESET: “This is an enormous database of passwords available to anyone who may want to get their hands on it. This shouldn’t be shrugged off as just another breach. When passwords …
Private Info of Over 1.5M Donors Exposed by UChicago Medicine (BleepingComputer) The personal information of more than 1.6 million potential and existing University of Chicago Medicine donors was exposed by a misconfigured and unprotected ElasticSearch server left open on the Internet without a password.
Why four security companies just sold for $1.5B (TechCrunch) If you’re thinking about starting a technology company, you may want to consider focusing on cybersecurity. Last week was an incredible M&A whirlwind with four security companies getting acquired over just a three-day period: On Tuesday, FireEye bought Verodin, a five-year-old startup tha…
SentinelOne Announces $120M Series D (SentinelOne) Expanding the Cybersecurity Platform of the Future, SentinelOne Capitalizes on Unprecedented Global Market Traction in the Largest Endpoint Security Funding Round of 2019.
Cisco Continues To Shine (Seeking Alpha) Cisco continues its impressive streak of beating estimates amid strong results. The company's transformation is still in full swing and keeps its strong momentum.
SolarWinds Announces Network Insight for Palo Alto Networks (Storage Review) Today SolarWinds extended its Network Insight service to support Palo Alto Networks and announced several updates to its existing services. SolarWinds' Orion Platform is getting upgrades to improve scalability and transparency. SolarWinds was founded in 1999 and is a leading provider of IT infrastructure management software. Palo Alto Networks was founded in 2005 and primarily provides firewalls as well as other cloud-based security services.
Tales From the SOC: Municipal Edition (SecurityWeek) Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.
US to launch new program to fight extremism in Philippines (Military Times) U.S. and Philippine officials on Tuesday discussed a new program to thwart efforts by Muslim extremists to recruit and mobilize followers in the country’s south after a bloody siege by jihadists aligned with the Islamic State group.
House panel worries about Navy’s at-sea network (Fifth Domain) The House Armed Services Committee wants to fence off about 15 percent of the Navy’s funding for its advanced at-sea network until the service answers questions about the program’s cybersecurity.
SEC Charges Issuer With Conducting $100 Million Unregistered ICO (US Securities and Exchange Commission) The Securities and Exchange Commission today sued Kik Interactive Inc. for conducting an illegal $100 million securities offering of digital tokens. The SEC charges that Kik sold the tokens to U.S. investors without registering their offer and sale as required by the U.S. securities laws.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three-day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security. Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
San Diego Cyber Security Conference (San Diego, California, USA, June 5, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. In San Diego the keynote will be delivered by Darin Andersen, CEO/Founder NXT Robotics,...
Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...