June 6, 2019.
By the CyberWire staff
Ars Technica and others report that RiskSense has a BlueKeep proof-of-concept exploit.
The EU's mission to Moscow suffered a long-running "sophisticated cyber espionage event" that began in February 2017 and continued through its discovery in April, BuzzFeed reports. Russian organizations, probably intelligence services, are believed to be behind the attack, which netted the hackers an undisclosed haul of information. The EU did not disclose the incident, evidently not wishing to roil political waters on the eve of European elections.
Symantec's report on Russian influence operations in the 2016 US elections reveals Moscow's efforts to have been more extensive, more patient, and more balanced, ideologically, than previously assumed. A core group of main accounts (often bogus news services) was supported by a very large number of auxiliary accounts responsible for amplification. Messaging was designed to appeal to left and right roughly equally, with the most disaffected partisans most heavily targeted.
C4ISRNET suggests a possible motive for Russian GPS spoofing in the Black Sea: executive protection against drones. The incidents were highly correlated with President Putin's movements.
Lookout finds the advertising plug-in "BeiTaAd" in a lot of Google Play apps—about 230. This is more than just mildly irritating: BeiTaAd uses obfuscation normally seen in malware to obtrude itself into users' attention, yammering wildly across lockscreens, hooting video ads while the phone's supposed to be asleep, and so on. More than 440 million devices are believed to be infested. BeiTaAd can be hyperactive enough to render a phone effectively unusable, Threatpost comments.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Israel, Russia, United Kingdom, United States, and Vietnam.
Bring your own context.
Is it possible to devise a security system that can't be defeated by inventive human laziness, more or less well-intentioned, but still at bottom ergophobic? What about this blockchain thing we've heard about?
"Basically, the way you interact with the blockchain is you have a secret, which is known as a private key. If you're the holder of that private key, you can commit funds to the blockchain and you can take funds out. The private key is basically like a PIN number to your bank account. If anybody is able to get that private key, they can steal your funds. I was researching one day how exactly your private key is generated, and during my research, I found that people were using the private key of 1. The private key is supposed to be 78 digits long... But, you know, somebody decided, hey, let's use 77 digits, all of those being zero, and then the last digit is 1. So, effectively, they had the private key of 1. And if you go in and look at that address that's generated from a private key of 1, you'll see thousands of transactions committed to that key. So there've been lots of people interacting and colliding using this shared private key."
—Adrian Bednarek, senior security analyst at Independent Security Evaluators, hipping everyone to Ethercombing on Research Saturday's 6.1.19 edition.
What? Technically, seventy-seven zeroes followed by a one is seventy-eight digits, right? So what's the problem? Next time make it seventy-seven ones and a zero. What? That wouldn't do it either? There's no pleasing this blockchain thing...
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) discusses the implications of Google's throwing its weight behind MTA-STS, a protocol intended to make e-mail more secure. Our guest, Josh Stella from Fugue, talks about security and compliance in cloud infrastructure.
And, of course, Hacking Humans is out. In this episode, "The best way to break in is to walk through the front door," Joe describes one of history’s great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves an attempted romance scam on the Xbox platform. Dave interviews Sherri Davidoff, CEO of LMG Security and the hacker named “Alien” in Jeremy Smith’s Breaking and Entering. She has her own book coming out later this year, Data Breaches: Crisis and Opportunity.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
New adware "BeiTaAd" found hidden within popular applications in app store (Lookout) BeiTaAd is a well-obfuscated advertising plugin hidden within a number of popular applications in Google Play. The plugin forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep, and displays out-of-app ads that interfere with a user’s interaction with other applications on their device.
Identifying Vulnerabilities in Phishing Kits (Akamai) While recently examining hundreds of phishing kits for ongoing research, Akamai discovered something interesting - several of the kits included basic vulnerabilities due to flimsy construction or reliance on outdated open source code. Considering the impact phishing kits have on...
LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach (KrebsOnSecurity) Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.
Cyber Criminals Are Making Bank Using Stolen Doctor Credentials on the Dark Net (Gizmodo) A new report by a leading cybersecurity firm finds that healthcare organizations are becoming an increasingly attractive target for criminal hackers due to the premium that black markets place on private health information—and in particular, the credentials of physicians that can be used to facilitate health insurance fraud.
Healthcare Cyber Heists in 2019 | Carbon Black (Carbon Black) To better determine how these cybercriminals are hiding behind invisibility cloaks to remain undetected, Carbon Black conducted a survey, comprising input from CISOs of many of the world’s largest financial institutions. The purpose of the survey is to improve telemetry for threat hunt teams and defenders. Read the report to learn more.
Comment: Australian uni breach (Information Security Buzz) Following news that an Australian university has been hacked, affecting sensitive data going back 19 years, please find below comment from SailPoint, the identity governance experts. The comment covers the importance of ensuring that sensitive data is governed by cybersecurity measures, regardless of the system in which it is kept – on premises or in the …
Security Patches, Mitigations, and Software Updates
Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools (BleepingComputer) Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series).
Do personality traits matter in cyber security? (ITWeb) Certain personality traits seem to make us more or less likely to fall prey to specific attacks or scams, says Anna Collard, MD and founder of Popcorn Training – a KnowBe4 company.
China grants first 5G licenses amid Huawei global setback (TechCrunch) It’s official. After much anticipation, China named the first companies to receive 5G licenses for commercial use on Thursday. The announcement from the Ministry of Industry and Information Technology, the country’s telecoms authority, came as Huawei, the Chinese company that captured n…
Elastic Announces Intent to Acquire Endgame (Elastic) Proposed acquisition will add Endgame’s endpoint security product into the Elastic Stack; joint product development and go-to-market will extend Elastic’s existing SIEM efforts
Innovative Solutions to Enhance Cybersecurity (Times of Israel) In recent years, our world has become hyper-connected, and while that offers many substantial benefits to both corporations as well as individuals, these benefits come with a hefty price tag on our privacy and security.
82nd Airborne Division hosts cyber network defense class (DVIDS) The 82nd Airborne Division hosted its first cyber network defenders class at the division headquarters, on Fort Bragg, May 31, 2019.
The All American Cyber Academy provided 15 students further training on network defense tools taught in Advanced Individual Training. It also introduced students, attending the academy, to new techniques and practices to better defend Army networks.
A Cyber Force for Persistent Operations (Joint Forces Quarterly) Harvard’s Samuel Huntington, then just 27, asked the U.S. Navy in 1954, “What function do you perform which obligates society to assume responsibility for your maintenance?”
Securing Our Cyber Future (Stanford University) Download the new white paper "Securing American Elections: Prescriptions for Enhancing the Integrity and Independence of the 2020 U.S. Presidential Elections and Beyond," by Stanford scholars affiliated with the new Cyber Policy Center using the button below.
Draft NDAA Includes Multiple Requirements for DoD IT (MeriTalk) The House Armed Services Committee draft version of the fiscal year 2020 National Defense Authorization Act (NDAA), released June 3, includes multiple provisions that would increase congressional oversight over multiple Defense Department (DoD) technology initiatives.
Rebel with a cause (C4ISRNET) Chris Lynch reflects on his years guiding the Defense Digital Service and how his
CYBERCOM Official Calls Data Fusion ‘Critical’ Among Intel Agencies (MeriTalk) David Luber, Executive Director and third highest ranking official at U.S. Cyber Command, said today it is vital for intelligence agencies to embark on “data fusion” efforts that will create interoperability of data and data-handling systems between agencies.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...
PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Gateway Innovation Center: Partners in Cyber (Columbia, Maryland, USA, June 6, 2019) The Howard County Economic Development Authority will host a multifaceted panel event on June 6. Each of our speakers represents leading cyber and technology organizations in the region which provide valuable...