June 24, 2019.
By the CyberWire staff
US Cyber Command is said to have conducted offensive operations against Iranian targets as a reprisal for Tehran's attacks on commercial shipping in the Gulf of Oman, and for the shootdown of a US Global Hawk unmanned drone. Yahoo, which broke the story late Friday, said the attacks were directed against an Iranian intelligence unit responsible for supporting attacks against shipping by tracking tanker traffic. The specific Iranian agency was unnamed, but it's said to be associated with the Revolutionary Guard. The Washington Post reported that Cyber Command had disabled Iranian rocket and missile command and control systems in the region, which (if so) would be a direct riposte to the Global Hawk shootdown.
Reports of this US cyberattack are sourced to anonymous US officials not authorized to speak publicly. US Cyber Command has declined to comment for reasons of operational security. US Vice President Pence also declined comment, according to the Wall Street Journal, citing policy regarding comment on "covert operations." The Jerusalem Post reports that Iran says the US cyberattack indeed happened, but that it failed.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also warned that Iran is increasing the tempo of cyberattacks against US targets. CISA cautions that Iran could be expected to engage in wiper attacks. These gain access to target networks through familiar methods, particularly phishing, password spraying, and credential stuffing, but their aim is data destruction, not theft. CISA's advice for staying safe from these and other threats may be found here.
Today's issue includes events affecting Canada, China, European Union, France, Germany, Iran, Israel, Romania, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.
Bring your own context.
How might well-intentioned security measures backfire? Middleboxes might, sometimes, do just that.
"Doing something that is pro-security - in this case, having an inspection looking for malware trying to protect users - is actually putting them at risk, and it might be doing less of a service than what you really think it is."
—Nick Sullivan, head of cryptography at Cloudflare, discussing "Monsters in the Middleboxes" on Research Saturday, 6.22.19.
Worth a look, particularly in enterprises that for various reasons need to inspect encrypted traffic passing between the users they manage and the Internet.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Attacks, Threats, and Vulnerabilities
Cloudflare outage affecting numerous sites on Monday AM [Update: fixed] (TechCrunch) Cloudflare, a company providing performance and security to websites, is having network problems of its own this morning — and taking down a lot of its customers’ sites and apps in the process. Affected companies include podcast app Overcast, chat service Discord, managed hosting provid…
US struck Iranian military computers this week (Military Times) U.S. military cyber forces launched a strike against Iranian military computer systems on Thursday as President Donald Trump backed away from plans for a more conventional military strike in response to Iran’s downing of a U.S. surveillance drone, U.S. officials said Saturday.
US hits Iran with cyberattack: reports (Deutsche Welle) The US reportedly launched a cyberattack on Iran in response to the downing of an unmanned drone. Cybersecurity firms have also reported a rise in Iranian attempts to hack US companies and government agencies.
U.S. Carried Out Cyberattacks on Iran (New York Times) The operation went forward because it was intended to be below the threshold of armed conflict — using the same shadow tactics that Iran has used.
U.S. Launched Cyberattacks on Iran (Wall Street Journal) The U.S. covertly launched offensive cyber operations against an Iranian intelligence group’s computer systems on Thursday, the same day President Trump pulled back on using more traditional methods of military force.
U.S. Struck Iranian Military Computers This Week: AP Sources (SecurityWeek) U.S. military cyber forces launched a strike against Iranian military computer systems on as President Donald Trump backed away from plans for a more conventional military strike in response to Iran's downing of a U.S. surveillance drone, U.S. officials said.
Trump reportedly cancels attack on Iran as US planes were in the air (Washington Examiner) BACK FROM THE BRINK: Last night all signs pointed to an imminent U.S. military response to Iran’s shootdown of an unmanned American spy plane Thursday morning. While President Trump was cagey with reporters yesterday, suggesting that perhaps “somebody who was loose and stupid” had given the orders,…
U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks (BleepingComputer) According to a statement by the U.S. Cybersecurity and Infrastructure Security Agency, an increase in cyberattacks utilizing destructive wiper tools has been detected targeting U.S. industries and government agencies by Iranian actors or proxies.
Russian accounts pushed fake Rubio tweet warning of British spy threat to US elections (CNN) A network of suspected Russian accounts promoted a fake tweet purportedly sent by Sen. Marco Rubio claiming that a purported British spy agency planned to derail the campaigns of Republican candidates in last November's midterm elections, research from the think tank Atlantic Council shows. The false claim was later repeated by RT, the Russian state-backed media network.
New Malware Designed To Go After Linux Systems (neoRhino IT Solutions) Linux systems aren't targeted by hackers as often as Windows and iOS-based systems, but they're certainly not immune. Recently, security researchers have discovered a new strain of malware developed by Chinese hackers, specifically for the purpose of targeting Linux-based systems....
LTE flaws let hackers ‘easily’ spoof presidential alerts (TechCrunch) Security vulnerabilities in LTE can allow hackers to “easily” spoof presidential alerts sent to mobile phones in the event of a national emergency. Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50…
WeTransfer Security Incident Sent Files to the Wrong People (BleepingComputer) In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending its users' shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users.
Pledges to Not Pay Ransomware Hit Reality (Dark Reading) While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.
Facebook makes another push to shape and define its own oversight (TechCrunch) Facebook’s head of global spin and policy, former UK deputy prime minister Nick Clegg, will give a speech later today providing more detail of the company’s plan to set up an ‘independent’ external oversight board to which people can appeal content decisions so that Facebook…
Who’s going to use the big bad Libra? (TechCrunch) There is so much to write about Libra, and so much which has already been written misses the mark, mostly, I think, because most pundits haven’t spent much time in the developing world, which is very clearly the target market here. Just look at its launch video: I’ve seen apocalyptic re…
YouTube confirms a test where the comments are hidden by default (TechCrunch) YouTube’s comments section has a bad reputation. It’s even been called “the worst on the internet,” and a reflection of YouTube’s overall toxic culture, where creators are rewarded for outrageous behavior — whether that’s tormenting and exploiting their chi…
Amid tough talk, Trump says he could be Iran's 'best friend' (13 WTHR Indianapolis) President Donald Trump said Saturday that military action against Iran was still an option for its downing of an unmanned U.S. military aircraft, but amid heightened tensions he dangled the prospect of eventually becoming an unlikely "best friend" of America's longtime Middle Eastern adversary.
Saudi Spy Chief Lobbies London for Strikes against Iran (Tasnim News Agency) A Saudi intelligence chief pleaded with British authorities to carry out limited strikes against Iranian military targets, just hours after Donald Trump called off planned US attacks against the Islamic Republic, a senior UK official said.
Explainer: Will Russia Return To PACE Next Week? (RadioFreeEurope/RadioLiberty) On June 24, the Parliamentary Assembly of the Council of Europe (PACE) will begin its summer session in Strasbourg and it is expected to vote on a report that could welcome Russia back to the chamber after a three-year hiatus.
Here’s what an AI code of conduct for the Pentagon might look like (C4ISRNET) In the debate over artificial intelligence, both sides may not actually be talking about creating new ethics, but rather discussing a code of conduct for how AI will be used and monitored. Here is one path for how developing a code of conduct might begin.
CISA’s ICT Supply Chain Risk Management Task Force Makes Key Acquisition Recommendation (Department of Homeland Security) The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington, D.C. today to update members on progress towards the development of an initial recommendation to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.
Facebook and eBay told to tackle trade in fake reviews (TechCrunch) Facebook and eBay have been warned by the U.K.’s Competition and Markets Authority (CMA) to do more to tackle the sale of fake reviews on their platforms. Fake reviews are illegal under U.K. consumer protection law. The CMA said today it has found “troubling evidence” of a “…
Google links expose school of Ana Kriegel murderers (Times) Google’s “related searches” service is providing people who type in the name of Boy A, and the town where he lives, with the name of the school he and Boy B attended. The two boys were found guilty...
Report: Two Israeli Brothers Arrested for Hack of Bitfinex Crypto Exchange (Yahoo) Two Israeli brothers have been arrested in connection with the hack of cryptocurrency exchange Bitfinex and other crypto-related phishing attacks, finance news outlet Finance Magnates reports on June 23. An Israeli police spokesperson reportedly told Finance Magnates that Eli Gigi and his younger brother
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Insider Threat Program Management 360 Training Course (Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...
GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...
Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...