Zero trust in one click. Impossibly simple microsegmentation
If we can land rockets on a barge, if we can search 30 trillion web pages in mere seconds, if cars can drive door to door autonomously, why does microsegmentation still take months to implement and cause so many headaches? Edgewise has radically simplified microsegmentation to one click, using machine learning and zero trust security:
Eliminate network attack surface in your hybrid cloud
Tensions between the US and Iran, already high over attacks on tankers in the Arabian Gulf and ongoing disputes over Iran's nuclear ambitions, have risen significantly in the wake of Iran's shootdown of a US Air Force RQ-4A Global Hawk reconnaissance and surveillance drone. The US says the drone was in international airspace over the Straits of Hormuz; Tehran says the RQ-4A was flying over southern Iran. Cyber battlespace preparation appears to be underway: WIRED says that Dragos and CrowdStrike have reported a surge in phishing emails deployed against a range of American targets. The actor is said to be APT33, also known as Magnallium or Refined Kitten. FireEye, without naming the threat actor, says it's seeing much the same. It's not known if any of the attempts have been successful, nor is it clear whether their goal is reconnaissance or staging.
Under pressure to do something about abuse of its platform to foment violence in Sri Lanka and Myanmar, Facebook is trying something other than content moderation: "introducing friction." TechCrunch says Facebook will limit the number of times users around the region can share a message. For now, the limit is five.
ESET and Malwarebytes are tracking similar cross-platform cryptominers, respectively LoudMiner and BirdMiner. They share some infection vectors. Trend Micro also has its eye on a cryptominer: this one a Satori-like botnet that arrives via the Android Debug Bridge.
Agari tells Axios that email scammers run their operations like a business, complete with consultants and lead generation systems.
Today's issue includes events affecting Canada, China, Ethiopia, European Union, France, Hungary, Iran, Israel, Myanmar, Russia, Sri Lanka, Taiwan, United Kingdom, United States.
Bring your own context.
How should we understand microsegmentation? It's Delphic.
"You can think of it almost as intrusion detection on your east-west communications inside your network. So it would be things from your data tier to your app tier.... I think in general, the level of complexity of any large distributed system is approximately unknowable by any one person. So not only do you get to see the shadow IT, you get to see the systems that have been set up and deployed that are doing key critical business services that you had no idea about."
—Tom Hickman, vice president of engineering at Edgewise Networks, on the CyberWire Daily Podcast, 6.19,19.
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
ON THE PODCAST
In today's podcast, out later this afternoon, we hear from our partners at CenturyLink, as Mike Benjamin discusses RDP scanning and the GoldBrute campaign. Our guest is Michael Coates, former CISO of Twitter and former head of security at Mozilla, now at Altitude Networks. He talks with us about better ways of addressing CISOs' needs, thereby improving the sales process.
Cyber Security Summits: Seattle on June 25th and in DC on July 16(Seattle, Washington, United States, June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The DOJ, U.S. Secret Service, Verizon, Center for Internet Security, Google and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
RSA Conference 2019 Asia Pacific & Japan(Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Critical Security Warning For iPhone Users(Forbes) The roughly 1.4 billion users of Apple's iOS powered iPhone and iPad devices have been warned of a critical security issue that could leave their personal data at risk. Here's what you need to know.
Felipe, a new infostealer Trojan(Zscaler) The Zscaler ThreatLabZ team came across the Felipe infostealer Trojan, which silently installs itself onto a user’s system and connects to a command-and-control (C&C) server to send system information and bank card numbers from the compromised system.
Important message for our members(Desjardins.com) Visit www.desjardins.com to learn more about our products and services: savings, investments, loans, insurance, online brokerage, transaction services and more.
Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs(Fossbytes) One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you're installing such programs from unknown sources, the chances of you getting hacked are pretty good.
Verizon Users Loses Coinbase Funds Following SIM Hijack(The Merkle Hash) There are numerous ways for cryptocurrency enthusiasts and speculators to lose their funds. In a lot of cases, this is due to an error on their part. However, there are external circumstances which often go beyond the user’s control. Especially when it comes to SIM swap fraud and similar criminal business models, things get out of hand fairly quickly. Verizon Users Loses Thousands of Dollars Cryptocurrency users have fallen victim to mobile phone hijacking over the past few years. This particular method is used by criminals as a way to gain full control over one’s mobile number. In most cases,
NASA Lab Hacked Using A $25 Raspberry Pi Computer(Fossbytes) A NASA lab was hacked using a Raspberry Pi. This breach occured in April 2018 where NASA's Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen. A federal report of the incident confirms that a Raspberry Pi to gain access to the system. It also highlighted the major security lapses that were present in NASA's network for about a decade and made the breach possible.
Hunting for Linux library injection with Osquery(AT&T Cybersecurity) When analyzing malware and adversary activity in Windows environments, DLL injection techniques are commonly used, and there are plenty of resources on how to detect these activities. When it comes to Linux, this is less commonly seen in the wild.
PHOENIX CONTACT Automation Worx Software Suite(ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: Phoenix ContactEquipment: Automation Worx Software SuiteVulnerabilities: Access of Uninitialized Pointer, Out-of-bounds Read, Use After Free2.
Which states have the most data breaches? Data breaches by US state(Comparitech) Data breaches are common in headlines these days, but they are not equally spread out in terms of location. Data breaches occur far more often in some US states than others, and the number of records lost or stolen varies as well. Comparitech analyzed data on the last 10 years worth of data breaches to …
Ethiopia’s bid to become an African startup hub hinges on connectivity(TechCrunch) Ethiopia is flexing its ambitions to become Africa’s next startup hub. The country of 105 million with the continent’s seventh largest economy is revamping government policies, firing up angel networks, and rallying digital entrepreneurs. Ethiopia currently lags the continent’s tech standouts—like …
ZTE targets bigger role in UK's 5G build out - Mobile News Online(Mobile News Online) The Chinese operator showcased a lag free 5G hologram call earlier this week with Orange Spain ZTE has laid down its aim to make the UK a major footprint for the Chinese firm in Europe as it expressed confidence it can compete with rivals in 5G build outs. Speaking to Mobile News at Global 5G
Zscaler Appoints James Cater as Vice President and General Manager of EMEA(Yahoo) Zscaler, Inc., the leader in cloud security, has appointed James Cater as Vice President and General Manager for the EMEA region. With more than 25 years of experience in security, Cater will lead Zscaler’s business across the region, including adding and expanding relationships with local and regional
Cybeta™ Launched to Protect Businesses from Cyber Attacks(Yahoo) Liberty Advisor Group is proud to announce the launch of Cybeta™, a suite of intelligence products and services designed to help keep your business off the Cyber X. The product suite is effectively predictive of future breaches and can give you the business threat intelligence needed to outpace your
BlackBerry devices unaffected by Triada malware(CrackBerry.com) In response to Google publishing details surrounding the Triada family of malware, BlackBerry has posted a new blog post noting BlackBerry devices are unaffected while highlighting their approach to security.
What is Homomorphic Encryption?(Hashed Out by The SSL Store™) Homomorphic encryption solves a vulnerability inherent in all other approaches to data protection Imagine if you work in the financial services industry — or, maybe you already do. Every day,...
4 Bug Bounty Myths Dispelled(GovInfo Security) Bug bounty myths: All such programs must be public, run nonstop, pay cash to bug-spotters and allow anyone to join. But HackerOne's Laurie Mercer says such programs
Cybersecurity's Automation Imperative(BankInfo Security) With cybersecurity becoming ever more difficult to monitor and manage, and product and data overload triggering cyber fatigue amongst cybersecurity professionals,
Researchers develop 'vaccine' against attacks on machine learning(Phys.org) Researchers from CSIRO's Data61, the data and digital specialist arm of Australia's national science agency, have developed a world-first set of techniques to effectively 'vaccinate' algorithms against adversarial attacks, a significant advancement in machine learning research.
Senate wants to boost oversight of Pentagon’s cyber activities(Fifth Domain) Several provisions in the Senate’s version of the annual defense policy bill aim to increase oversight of cyber activities in the Department of Defense, including a new two-star general officer to serve as the senior military adviser to cyber policy.
Could a new office protect critical US tech?(Fifth Domain) Legislation is being added to the defense authorization bill that would create an executive office dedicated to cybersecurity protection, as well as reform security clearance procedures.
Terry Gou resigns as Foxconn’s chairman to run for president of Taiwan(TechCrunch) Terry Gou said at Foxconn’s annual general meeting today that he is leaving the electronics manufacturing giant as he prepares to run for president of Taiwan. Gou, who founded Foxconn (also known as Hon Hai Precision Industry Co.) 45 years ago and is also its biggest shareholder, will remain on the…
Litigation, Investigation, and Law Enforcement
Behavioural advertising is out of control, warns UK watchdog(TechCrunch) The online behavioural advertising industry is illegally profiling internet users. That’s the damning assessment of the U.K.’s data protection regulator in an update report published today, in which it sets out major concerns about the programmatic advertising process known as real-time…
Inside the FBI's Fight Against Cybercrime(Dark Reading) Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Insider Threat Mitigation Boot Camp Training(Las Vegas, Nevada, USA, August 9, 2019) The Insider Threat Defense Group will hold our highly sought Insider Threat Mitigation Training, in Las Vegas, Nevada, at the Tropicana Las Vegas Casino Hotel. This comprehensive one-day training will...
Maryland Cyber Solutions Showcase(Baltimore, Maryland, USA, September 19, 2019) The Maryland Cybersecurity Solutions Showcase is the single source for businesses, government agencies and nonprofit organizations of every size in every industry to find: Information (get answers to cybersecurity...
Insider Threat Program Management 360 Training Course(Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...
GovSummit(Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
5th Annual Cyber Security For Defense(Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...
Tampa Cybersecurity Conference(Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
INTERPOL World 2019(Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.