June 25, 2019.
By the CyberWire staff
Cybereason has released a report on a long-running, extensive (but highly focused) campaign, "Operation Soft Cell," that compromised mobile networks to collect metadata. It appears to be the work of Chinese intelligence services, specifically APT10 (also known as Stone Panda). It's "either APT10 or someone operating just like them," as the Register puts it, to express the attribution with proper caution.
The Washington Post notes that the US did, as promised over the weekend, announce new sanctions against Iran, with President Trump warning Iran not to overestimate American patience or restraint, as both of these have limits. For its part Iran pointed out that it could knock down an American drone any time it decided to do so, and that "the enemy knows it." According to the Wall Street Journal, the new sanctions directly affect senior Iranian leaders. Observers tell the Post that an Iranian cyber campaign, if one continues to develop, will probably resemble Tehran's earlier work: opportunistic and destructive.
Positive Technologies looks at mobile device security and finds that a prospective data thief rarely needs physical access to a phone in order to pull information from it. The root problem, the researchers find, lies in insecure data storage, and the problems with such storage all too often derive from the earliest stages of app development, where design decisions are made without fully thinking through their security implications.
Cloudflare traces yesterday's US Internet outages to a "cascading catastrophic failure" that began with Verizon. Thus, a fumble, not an attack.
Today's issue includes events affecting China, Germany, Iran, Ireland, Israel, Russia, United Kingdom, United States.
Bring your own context.
Loud and primitive threat actors are opportunistic and go for the easily exploitable. But remember, the low, slow, quiet, and sophisticated threats can do much the same.
"And in many of these cases, we're seeing the sophistication that occurs afterwards not be particularly high with some of these really loud actors. But keep in mind that those vulnerable hosts, those default credentials, sit out there for more sophisticated actors to use as well - so the things that we need to be concerned about, even if the very loud ones aren't actually causing much impact at the end of the day."
—Mike Benjamin, senior director of threat research at CenturyLink's Black Lotus Labs, on the CyberWire Daily Podcast, 6.21.19.
The bad actors' goal usually isn't to display their own virtuosity.
ON THE PODCAST
In today's podcast, out later this afternoon, we talk with our partners at Dragos, as Sergio Caltagirone outlines the growing tensions between the US, Russia and Iran and offers some insight into how providers of critical infrastructure can prepare to withstand them. Tamika Smith interviews Danielle Gaines, a reporter for Maryland Matters, on Maryland Governor Hogan’s response to the Baltimore ransomware incident: the creation of the Maryland Cyber Defense Initiative.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
What to make of US cyber activities in Iran (Fifth Domain) Experts told Fifth Domain that a cyberattack in Iran signals that U.S. leaders are becoming increasingly comfortable with cyberwarfare and, in some cases, now view cyber operations as a half-step removed from a kinetic conflict.
Hackers are stealing years of call records from hacked cell networks (TechCrunch) Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. The hackers have systematically broken in to more than 10 cell networks around the world to d…
Vulnerability Summary for the Week of June 17, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Cisco’s Duo Security Now Offers Out-of-the-Box Multi-Factor Authentication for Amazon Web Services (Duo Security) Cisco’s Duo Security, the leading multi-factor authentication (MFA) and Zero Trust for the Workforce provider, today announced enhanced MFA support for Amazon Web Services (AWS). AWS customers can add additional protection to their AWS Directory Service applications with Duo’s Push-based MFA in less than 10 minutes. Using the Duo MFA Quick Start for Directory Service, customers can easily deploy Duo MFA by automating hundreds of procedures into a single click.
Iran Greets Latest U.S. Sanctions With Mockery (New York Times) Both hard-liners and reformers argued that the new sanctions would have little practical impact. One Iranian joked on Twitter: “The only people left to sanction are me, my dad and our neighbor’s kid.”
Federal Cybersecurity: America's Data at Risk (United States Senate Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs) Federal government agencies are the frequent target of cybersecurity attacks. From 2006 to 2015, the number of cyber incidents reported by federal agencies increased by more than 1,300 percent.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
10th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 4 - 5, 2019) This year's theme is, "Reinventing Cybersecurity: Addressing Tomorrow's Top Cyber Challenges." The summit has become the world's leading summit on government cybersecurity. It will convene again U.S. and...
CyberCon 2019 (Anaheim, California, USA, November 19 - 20, 2019) CyberCon 2019 targets executives, leaders and decision makers from the power and utilities and cybersecurity industries, including CEOs, CFOs, COOs, CSOs and CISOs, as well as national security advisors,...
Insider Threat Program Management 360 Training Course (Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...
GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...
Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...