June 7, 2019.
By the CyberWire staff
Signs point to Chinese intelligence services as the operators behind the recent hack and attendant data breach at the Australian National University. The Sydney Morning Herald says investigators believe one of the campaign's principal objectives was to groom Australian students headed into civil service careers for recruitment as agents.
The risks of Remote Desktop Protocol vulnerabilities come into sharper focus. Morphus Labs warns that a botnet, "GoldBrute," is scanning and brute-forcing about a million-and-a-half RDP servers.
Iran's hacking group MuddyWater (also known as SeedWorm) might have seen more of its tools leaked online, but that hasn't made it pull in its horns. Clearsky warns that the threat group is actively impersonating government accounts and using at least two new techniques: Microsoft documents carrying malicious macros, and exploitation of CVE-2017-0199 (that is, Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API). These of course aren't new attack tactics, but they're new for MuddyWater, and represent Iranian intelligence and security services' longstanding determination to learn lessons and improve their game.
The RIG exploit kit is now being used to deliver Buran ransomware, BleepingComputer reports. The best defenses against this Russian strain of ransomware ("буран," "blizzard") are updated security software (since Buran arrives via exploit kits), sound offline backup, and properly suspicious users.
Cryptocurrency firms are under attack, Infosecurity Magazine says. GateHub users lost some $9.7 million, and blockchain startup Komodo (not to be confused with security firm Comodo) hastily patched a vulnerability in its wallet.
Today's issue includes events affecting Australia, Canada, China, India, Iraq, Israel, Republic of Korea, Pakistan, Philippines, Russia, Tajikistan, United Kingdom, United States.
Bring your own context.
You wouldn't jump off the Empire State Building because an app told you to, right? Would you shrug and give it whatever data it asked for?
"Well, definitely, apps are taking as much data as they can. And they're getting away with it. Apple does give you controls as a user to limit, you know, oh, you don't necessarily have to show your - share your exact location with an app, or you don't have to share your contacts. And those are all good things that people should spend more time thinking about. But the truth is most people just click yes on whatever the apps ask for, and then they get it. And so that's a big hole that we're all falling into."
—Geoffrey Fowler, tech columnist for the Washington Post, on the CyberWire Daily Podcast, 6.3.19.
Apps serve at least two masters. One of them isn't you.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses natural gas infrastructure security. Our guest, Frank Downs from ISACA, talks about the challenges educators face preparing the cyber security workforce.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking, which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Researchers uncover new MuddyWater targeting of government, telecommunications entities (CyberScoop) Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday. The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security...
The MuddyWater APT Group Adds New Tools to Their Arsenal (BleepingComputer) The Iranian MuddyWater cyber-espionage group added new attack vectors to use as part of hacking campaigns targeting telecommunication and governmental organizations, according to an analysis from the Clearsky Security threat intelligence outfit.
The RIG Exploit Kit is Now Pushing the Buran Ransomware (BleepingComputer) The RIG exploit kit is now infecting victims' computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.
Threat Spotlight: Modular Malware (Barracuda) Modular malware provides an architecture that is more robust, evasive, and dangerous than typical document-based or web-based malware.
Millions of Exim Mail Servers Exposed to Local, Remote Attacks (BleepingComputer) A critical severity vulnerability present in multiple versions of the Exim mail transfer agent (MTA) software makes it possible for unauthenticated remote attackers to execute arbitrary commands on mail servers for some non-default server configurations.
Fortune 500 giant Tech Data exposed customer and billing data (TechCrunch) Security researchers said a security lapse at IT giant Tech Data allowed them to access customer and billing data. The Fortune 500 information technology giant secured an exposed server shortly after researchers Noam Rotem and Ran Locar found and reported the leaking data. The server was running a …
Optergy Proton Enterprise Building Management System (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Optergy. Equipment: Proton/Enterprise Building Management System. Vulnerabilities: Information Exposure, Cross-site Request Forgery, Unrestricted Upload of File with Dangerous Type, Open Redirect, Hidden Functionality, Exposed Dangerous Method or Function, Use of Hard-coded
Panasonic Control FPWIN Pro (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 7.3. ATTENTION: Low skill level to exploit. Vendor: Panasonic. Equipment: Control FPWIN Pro. Vulnerabilities: Heap-based Buffer Overflow, Type Confusion. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could crash the device and allow remote code execution.
Into the Web of Profit: Behind the Dark Net Black Mirror (Bromium) ‘Behind the Dark Net Black Mirror’ is the next chapter of the ‘Into the Web of Profit’ study, offering unique insights into the volume and variety of malware and hacking services available on the dark net. The author, Dr. Mike McGuire, tells a compelling story about how this underground trade is threatening enterprises, their employees, customers, …
Second reported data breach in as many days prompts cybersecurity warnings, tips (Healio) The health care diagnostics company LabCorp announced that “unauthorized activity” occurred on the webpage of American Medical Collection Agency, LabCorp’s external collection agency, impacting up to 7.7 million patients. The breach occurred between Aug. 1, 2018, and March 30, 2019, and involved customers’ personal, medical and payment information, but not ordered tests,
Computer system partially restored after cyber attack (Citizens' Voice) Luzerne County’s computer system, effectively shut down since last week by a cyber attack, continues to recover but will not be fully restored until at least this weekend, according to David Parsnik, county director of administrative services. Servers for
Security Patches, Mitigations, and Software Updates
macOS Catalina Brings Several Security Improvements (SecurityWeek) macOS 10.15 Catalina brings several security-related improvements, including an enhanced Gatekeeper, a dedicated read-only volume for the OS, data protections, and support for Activation Lock.
The Exabeam 2019 State of the SOC Report (Exabeam) The Exabeam 2019 State of the SOC Report is based on the results of an April 2019 survey of US and UK security professionals who are involved in the management of security operations centers (SOC) across CISO, CIO, management, and analyst roles.
Raphael Satter on brilliant spies, terrible spies, and “medium” spies (Columbia Journalism Review) Raphael Satter’s beat at the Associated Press covers straightforward crime reporting and high-tech espionage, with a special fondness for people who are bad at their jobs. His most recent scoop, shared with colleague Isabel Debre, chronicled Facebook’s purge of “coordinated inauthentic activity” on accounts run by an Israeli company called the Archimedes Group, “
Cyber Insurance and Systemic Market Risk (EastWest Institute) The EastWest Institute (EWI) today released a new report, Cyber Insurance and Systemic Market Risk, developed to provide a framework to better understand and address the systemic nature of cyber risk and the challenges it presents to the burgeoning cyber insurance industry.
CrowdStrike boosts IPO targets 30%, now hopes to raise up to $621M (Silicon Valley Business Journal) The Sunnyvale unicorn's valuation could be as much as $5.9 billion, nearly twice what Palo Alto Networks was valued at when it went public in 2012. It would be the highest valuation ever for a U.S. cybersecurity company on IPO day.
Form S-1/A: CrowdStrike Holdings (StreetInsider.com) Approximate date of commencement of proposed sale to the public: As soon as practicable after this Registration Statement becomes effective.
Thales buys AI specialist (Jane's 360) Thales has announced the acquisition of US-based artificial intelligence company Psibernetic. The French-headquartered group said the purchase will allow it to create “certifiable AI” with “explainable AI processes for applications in safety-critical environments”.
Swimlane Adds Key Hires to Leadership Team (Yahoo) Swimlane, a leader in security orchestration, automation and response (SOAR), today announced several leadership appointments to help drive global expansion in marketing and sales. President and Chief Operating Officer (COO) Jim Hansen, Senior Vice President of Global Sales Tom Smith, and Vice President
For HHS, blockchain means faster ID management and safer mangoes (Federal News Network) The Department of Health and Human Services already uses blockchain in its acquisition shop to buy bulk items more cheaply, but now the Food and Drug Administration sees it as a tool to manage threats to the global food supply chain.
The Missing Mandate In Australia’s Efforts To Protect The Finance Sector From Cyber Threats (Information Security Buzz) Australia’s financial services industry regulator has a new information security standard that is set to kick in from July, opening up a potential pathway to a much-needed national intelligence-led attack simulation scheme for the industry. The Australian Prudential Regulation Authority’s (APRA) incoming CPS 234 standard on information security, which late last year was fast-tracked “due …
NDAA draft focuses on AI, cyber oversight (FedScoop) A key defense subcommittee aims to increase its oversight of the Department of Defense’s cyber activity, artificial intelligence development and technology acquisition in a draft of the 2020 National Defense Authorization Act it approved Tuesday. The House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities wants to require the Pentagon to file more reports on several …
The Snowden Effect, Six Years On (Just Security) Reforms inspired by Edward Snowden's disclosures six years ago about the NSA's warrantless electronic surveillance still fall woefully short.
DHS cyber deficiencies are improving, says watchdog (Fifth Domain) While deficiencies in the department’s overall patch management process and shortfalls with weakness remediation and security awareness training activities were reported, these are being addressed alongside a FEMA data breach.
Extradition hearing for Huawei CFO set for early 2020 (CTV News Vancouver) British Columbia's Supreme Court has accepted a proposal by the defence team for Huawei executive Meng Wanzhou that would see her extradition hearing begin Jan. 20, more than a year after she was taken into custody.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Layer 8 Conference (Providence, Rhode Island, USA, June 8, 2019) Come learn about social engineering and intelligence gathering. The Layer 8 Conference is the first conference in New England to be solely focused on social engineering and intelligence gathering. This...
NetDiligence® Cyber Risk Summit (Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...
SecureWorld Chicago (Chicago, Illinois, USA, June 13, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Baltimore Cybersecurity Conference (Baltimore, Maryland, USA, June 13, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...