A Russian espionage operation, "Waterbug" (others call the actor "Turla") appears to have hijacked Iran's OilRig ("Crambus") infrastructure, Symantec reports. The activity falls into three distinct campaigns: one using Meterpreter, another a hitherto unremarked backdoor ("Neptun"), and the third a backdoor that executes PowerShell scripts without powershell[dot]exe. (Symantec doesn't attribute Waterbug or Crambus to any nation-states, but notes that press reports have done so.)
Trend Micro describes a cyberespionage campaign ("Bouncing Golf") afflicting targets in the Middle East. It shows some significant similarities to the earlier Domestic Kitten campaign Check Point last September attributed to Iran.
vpnMentor found an exposed database (now secured) belonging to Florida advertising agency X Social Media. The database contained business and personal information concerning medication side-effects, defective infant-care products, injuries attributable to pesticides, medicines, or medical devices, and US veterans' combat wounds. Much of X Social Media's ad business is said to lie with law firms cultivating class action suits.
SecurityWeek says Retrieval-Masters Creditors Bureau Inc., AMCA's corporate parent, has filed for Chapter 11 bankruptcy. The action is the result of the AMCA data breach that affected Quest Diagnostics, LabCorp, and BioReference Laboratories. That breach was publicly revealed on June 3rd when Quest disclosed it in an 8K filing.
The City Council of suburban Riviera Beach, Florida, voted unanimously to pay ransomware extortionists $600,000 to recover city files. The AP reports the town understands it's a crapshoot: even paying may not get them their files back. WPTV points out that backups would have been cheaper.
Today's issue includes events affecting Australia, Canada, China, France, Germany, Iran, Democratic People's Republic of Korea, Netherlands, Russia, Saudi Arabia, Serbia, Turkey, United Kingdom, United States.
Bring your own context.
Dwell time is how long an attacker maintains a presence in the target's systems.
"Over the last few years, we saw a real rise in smash-and-grab kinds of attacks, like ransomware. The evidence of the attack is the benefit of the attack: they attack and then they want to tell the victim, 'I've broken into your system. Give me some money, or I'm not going to give you your data back.' And so in that case, dwell time is very, very short. But if you think about a more strategic attack, where they're trying to exfiltrate data, whether it's credentials or financial information or trade secrets, the best way for the attacker to do that is to remain on that system for a long period of time, to take out as much data as they can and not make themselves so instantly discoverable."
—Jack Danahy, senior vice president of security at Alert Logic, on the CyberWire Daily Podcast, 6.18.19.
The attacker's goal determines how long they need to stay in the target, and that affects the tactics and techniques they use.
DHS Email Phishing Scam (US-CERT) The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into
Nanocore RAT via fake DHL failed delivery in Chinese (My Online Security) A quick post about the latest in a long, long, long, very, very long line of fake DHL delivery failure emails delivering all sorts of malware. Today’s version is slightly different to the ones we…
Phone Scammers Fake Apple Support by Phishing User Account Info (neoRhino IT Solutions) Telephone phishing scams (also known as Vishing Scams) have been around for ages, and robocalling has been on the rise recently. Companies are taking a stand and improving their cybersecurity against these annoying scam attempts, and one company that is...
Google Pushes Confidential Android Security Update to Pixel User (BleepingComputer) Google has mistakenly sent out a confidential Google-only dogfood build of their upcoming July 2019 security update to a Pixel owner. These builds are meant to be used internally by Google employees and are not meant to be pushed out to normal users.
Ford School experiences latest phishing storm in ‘U’ community (The Michigan Daily) The University of Michigan Ford School of Public Policy was the target of phishing scams this past week after Public Policy students, faculty and staff received an email last Tuesday from phishers masquerading as staff members inquiring about their recipients’ schedule availability. In an email statement to The Daily, Sol Bermann, University interim chief information security officer, explained phishing is a phenomenon that affects organizations worldwide.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates for Multiple Products (US-CERT) Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:
Red Hat Security Advisory 2019-1517-01 (Packet Storm) Red Hat Security Advisory 2019-1517-01 - GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol, Secure Shell File Transfer Protocol, Web Distributed Authoring and Versioning, Common Internet File System, Server Message Block, and other protocols. GVFS integrates with the GNOME I/O abstraction layer. A file access vulnerability has been addressed.
BlueKeep warnings having little effect on Windows patching (SearchSecurity) Another BlueKeep warning has been issued, this time by the Department of Homeland Security -- but public scanning results indicate the security advisories have had little effect on getting organizations to patch the Windows vulnerability.
AP-NORC poll: Majority worry about 2020 foreign meddling (Washington Post) A majority of Americans are concerned that a foreign government might interfere in some way in the 2020 presidential election by tampering with election results, stealing information or by influencing candidates or voter opinion, a new poll shows
AMCA Files for Bankruptcy Following Data Breach (SecurityWeek) Retrieval-Masters Creditors Bureau, the company that operates American Medical Collection Agency (AMCA), has filed for Chapter 11 bankruptcy due to a recent data breach affecting millions of individuals.
Digital Guardian Names Susan Walker Chief Financial Officer (Digital Guardian) Digital Guardian today announced the appointment of Susan Walker as Chief Financial Officer (CFO). This news comes on the heels of Digital Guardian’s recent $30 million funding round and the expansion of its engineering, corporate strategy and product management leadership team.
NSS Labs Announces 2019 SD-WAN Group Test Results (NSS Labs, Inc.) All products tested met the use case requirements and offer a good ROI AUSTIN, Texas – June 19, 2019 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the results of its 2019 Software Defined Wide Area Network (
Insurance (BAE Systems | Cyber Security & Intelligence) Our solution for the insurance market uses data to help achieve critical business objectives by improving the quality of data captured, securing it and employing advanced analytic techniques to enable better informed decision making.
Fortinet launches new WAN and edge security platform (SearchSecurity) Fortinet has launched Secure SD-Branch, an edge security platform designed to secure the WAN and access edge using Fortinet security products, such as Fortinet Security Fabric, to converge WAN and security into an integrated platform.
Where AI factors in to DHS election security (Fifth Domain) Artificial intelligence's profile is rising but humans need to remain in the process to take on high-level problems, according to the director of the Cybersecurity and Infrastructure Security Agency.
Investigation and Response is a Team Sport (SecurityWeek) With a platform that can act as a virtual cybersecurity situation room, analysts can have a single location to investigate collaboratively and share the same pool of threat data and evidence.
Facebook's Libra cryptocurrency: where are the banks? (The Block) When looking at a new money or payments system meant to replace an old one, one need only look at who is missing from the list of partners to understand what is being replaced. In the case of the Facebook-led Libra Association, which was unveiled today, the missing link from our current financial world is …
Facebook's Libra will not help the unbanked (Facebook) For the last century, new communications technologies — radio, television, VCRs, the internet — have all been initially sold as something that will help with education, and have actually been used for entertainment.
Cloudflare's Ethereum Gateway (The Cloudflare Blog) Today, we are excited to announce Cloudflare's Ethereum Gateway, where you can interact with the Ethereum network without installing any software on your computer.
Artificial Intelligence and the Good Society (The Aspen Institute) The report of the 2019 Aspen Institute Roundtable on Artificial Intelligence surfaced some of the key vectors of engagement that must be joined when directing AI development. Most of all, the report reflects discussions on how to prod AI development in the right directions—and what, indeed, are those “right directions?”
Battlefield Internet (Foreign Affairs) The U.S government needs to play a more assertive role in protecting the public from digital threats, just as it protects it from conventional ones.
Big Brother Comes to Belgrade (Foreign Policy) Chinese facial recognition software has arrived in Serbia. It confirms the West’s worst fears about Huawei.
New Senate Bill Would Make Tech Giants Responsible for the Content Hosted on Their Platforms (Cheddar) Republican Senator Josh Hawley (R-MO) is taking on tech giants with a new bill proposed Wednesday. It would hold companies like Facebook and Youtube responsible for toxic content on its platform, stripping these companies of their current protections. Rick McElroy, Head of Security Strategy at Carbon Black, joins Cheddar to discuss the impact this bill would have on big tech companies if it passes.
Voting machine giant lobbies for paper ballots over election security concerns (CNN) The US's largest election equipment manufacturer has begun quietly lobbying Congress to force all voting equipment to create a paper trail, a sharp departure after years of selling paperless digital machines that can't be fully audited. The change of stance comes amid concerns over the security of elections following Russia's interference effort in the 2016 presidential election.
Russian Hack or CrowdStrike Ruse? (American Greatness) Robert Mueller may live to regret indicting Roger Stone.
Stone is the long-time Republican political operative who made headlines in January when he was hauled out of his home by a squad of FBI agents adorned in tactical gear and carrying M4 rifles. The ostentatious display of
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Insider Threat Mitigation Boot Camp Training (Las Vegas, Nevada, USA, August 9, 2019) The Insider Threat Defense Group will hold our highly sought Insider Threat Mitigation Training, in Las Vegas, Nevada, at the Tropicana Las Vegas Casino Hotel. This comprehensive one-day training will...
Maryland Cyber Solutions Showcase (Baltimore, Maryland, USA, September 19, 2019) The Maryland Cybersecurity Solutions Showcase is the single source for businesses, government agencies and nonprofit organizations of every size in every industry to find: Information (get answers to cybersecurity...
Hack in Paris 2019 (Paris, France, June 16 - 20, 2019) Intrusion attempts are more and more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place...
Gartner Security & Risk Management Summit 2019 (National Harbor, Maryland, USA, June 17 - 20, 2019) Make sure you have the latest insights on fast-moving IT trends such as IoT and AI, evolving security technologies and the ever-changing threat landscape. At Gartner Security & Risk Management Summit 2019,...
ICX Insurance Summit with Pindrop and MassMutual (Springfield, Massachusetts, USA, June 19 - 20, 2019) MassMutual, together with Pindrop, is hosting the Identity & Customer Experience (ICX) Summit specifically for insurance organizations to discuss current issues and share strategies and ideas around security...
Boston Cybersecurity Conference (Chicago, Illinois, USA, June 20, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Program Management 360 Training Course (Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...