June 14, 2019.
By the CyberWire staff
E&E News says the North American Electric Reliability Corporation (NERC) issued a non-public warning to utilities that Xenotime, a threat hitherto seen mostly in the oil and gas sector, has been conducting reconnaissance against the grid. The warning is based on research by Dragos, which says that the "activity group" has evidently expanded its target list to the electrical power sector without necessarily abandoning its earlier interests. Dragos thinks Xenotime should be taken seriously (it is, after all, the group responsible for Trisis/Triton, which affected some industrial safety systems), but cautions against overhyping the problem: "no new capabilities [are being] deployed and [the activity observed amounts to] early reconnaissance not compromises of electric utilities."
At least two hacking groups are exploiting the "Return of the Wizard" remote code execution vulnerability in Exim mail servers that was publicly disclosed last week, ZDNet notes. Exim servers handle a large fraction of the world's email traffic, and users are urged to patch. BleepingComputer suggests that an encouragingly large fraction of users are doing just that.
AP reports that a fictitious persona, "Katie Jones," is seeking connections on LinkedIn. The story speculates that the fictional Ms Jones is a catphish deployed by a foreign intelligence service, trolling for recruits. The affair is reminiscent of 2010's Robin Sage experiment. Katie Jones, however, represents an advance over Robin Sage in that the persona seems to have been built in part with the aid of artificial intelligence.
Julian Assange's extradition proceedings advanced today, according to the Guardian.
Today's issue includes events affecting Canada, China, Jamaica, Russia, United Kingdom, United States.
Bring your own context.
Third-party Android app stores can be as dodgy as they are common. Perhaps you've downloaded what you took to be a popular game from one of those stores, and wondered why it didn't work. Glitch, right? Not necessarily.
"So, once a user installs the app and tries to run the game, there is no icon present on the dashboard, right? So, because there is no game, the user will not be able to start anything after the installation is complete. But in the back end, the app is actually running, and it starts sending SMS messages. It communicates with the command-and-control server, where it reports the infected device and waits for further instructions from there."
—Deepen Desai, Zscaler's vice president of security research and operations, on Research Saturday, 6.15.19, up early tomorrow morning.
The game may be working fine. It's just working for someone other than you.
ON THE PODCAST
In today's podcast, up later this afternoon, we speak with our partners at Accenture, as Justin Harvey offers advice for job-hunting grads. Our guest is Dr. Matthew Dunlop, Vice President and Chief Information Security Officer for Under Armour, who discusses the challenges involved in protecting one of the world’s best-known brands.
Cyber Security Summits: Seattle on June 25th and in DC on July 16 (Seattle, Washington, United States, June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The DOJ, U.S. Secret Service, Verizon, Center for Internet Security, Google and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region's leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Surveillance-Savvy Hong Kong Protesters Go Digitally Dark (SecurityWeek) Hong Kong's tech-savvy protesters are going digitally dark as they try to avoid surveillance by disabling location tracking on their phones, buying train tickets with cash and purging their social media conversations.
Millions of Exim Mail Servers Are Currently Being Attacked (BleepingComputer) Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines according to security researchers.
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: WAGO. Equipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505. Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known Vulnerabilities. 2.
Johnson Controls exacqVision Enterprise System Manager (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 6.7. Vendor: Johnson Controls. Equipment: exacqVision Enterprise System Manager (ESM). Vulnerability: Improper Authorization. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow malicious code execution.
BD Alaris Gateway Workstation (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 10.0. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: (BD) Becton, Dickinson and Company. Equipment: Alaris Gateway Workstation. Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type. 2.
Medical infusion-pump system has two serious bugs, researchers say (CyberScoop) Researchers have found two vulnerabilities in a type of infusion-pump system, which hospitals use to administer medication, that they say could allow a hacker to disable the device, infect it with malware, or create false readings. The vulnerabilities are in a pump system known as the Alaris Gateway Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based medical equipment vendor.
Intel joins Patch Tuesday with 11 security updates (SC Magazine) The three most critical patches cover three product categories: Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise, Intel NUC PC and Intel Raid Web Console 3 for Windows.
DoD to Streamline Cyber Acquisition With New Certification Model (Meritalk) The Defense Department (DoD) Office of Under Secretary Acquisition of Sustainment is creating a new certification model to streamline DoD's cybersecurity acquisition processes, Special Assistant to DoD's Assistant Secretary of Defense Acquisition for Cyber Katie Arrington said at the Professional Services Council Federal Acquisition Conference today.
Cybersecurity Turns To Crowdsourcing Amid Hiring Woes (PYMNTS.com) Cybersecurity is one of the main tasks in the world of digital commerce and payments, and it's a task that is getting more attention from consumers, companies, regulators and others. But there's a big problem in this realm — a shortage of cybersecurity experts, the people with the training and expertise to defend retail and […]
CrowdStrike Joins Cybersecurity Winning Streak (Wall Street Journal) All the fretting about online privacy and security is paying off for some investors. Shares of cybersecurity company CrowdStrike jumped on their second day of trading, rising to nearly double their IPO price.
Capstone Headwaters Advises Rook Security on its Acquisition by Sophos (Capstone Headwaters) Indianapolis, Ind. - Capstone Headwaters, a leading international investment banking firm, advised Rook Security on its acquisition by Sophos (LSE: SOPH). Barnes & Thornburg LLP served as legal counsel to Rook on the transaction. Terms of the deal were not disclosed.
5G, the end of location privacy? (Silent Pocket) 5G is starting to become a reality for our smartphones and their carriers, but at what cost? A 5G cellular network has a much smaller broadcast range than current 4G networks, which means more cell towers overall.
GraceKennedy enters cyber-insurance market (Loop Jamaica) Local insurance provider GK Insurance (GKI) is introducing a cyber-insurance product designed to help businesses and individuals survive cyberattacks by offsetting the co
Facebook's New Cryptocurrency Gets Big Backers (Wall Street Journal) Facebook has signed up more than a dozen companies including Visa, Mastercard, PayPal and Uber to back the new cryptocurrency that the social-media giant plans to unveil next week.
Common service centres to restart Aadhaar related work within a week (LiveMint) CSC stopped providing Aadhaar-related services after the UIDAI withdrew authorisation from them following debates around data security. There are 3.9 lakh village level entrepreneurs (VLE) that are running common service centres in rural areas across the country.
Design and Innovation
Will Analog AI Make Mythic a Unicorn? (Next Platform) There are two trends converging in AI inference and so far, only a small number of companies are enmeshed. The first trend takes us back to the future
Senators Question FBI on Russian Hack of Voting Firm (SecurityWeek) Two U.S. senators asked the FBI on Wednesday to explain what it has done to investigate the suspected hack by Russian intelligence of a Florida-based voting software company before the 2016 election.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry's foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NetDiligence® Cyber Risk Summit (Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...
CyCon 2.0 Manassas Edition (Manassas, Virginia, USA, June 15, 2019) CyCon is touching down in Manassas with a full lineup of experts in the field of Cybersecurity to present on current topics or demo bleeding edge technologies.
Hack in Paris 2019 (Paris, France, June 16 - 20, 2019) Intrusion attempts are more and more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place...
Gartner Security & Risk Management Summit 2019 (National Harbor, Maryland, USA, June 17 - 20, 2019) Make sure you have the latest insights on fast-moving IT trends such as IoT and AI, evolving security technologies and the ever-changing threat landscape. At Gartner Security & Risk Management Summit 2019,...