Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
June 26, 2019.
By the CyberWire staff
CNN identifies one Iranian group hit with a US cyberattack last week: Kata'ib Hezbollah, a Shi'ite militia said to be an Iranian military proxy. Kata'ib Hezbollah is thought to have access to Iranian missiles.
Myanmar has shut down mobile networks in substantial sections of the Rakhine province, CNN reports. The blackout was imposed in conjunction with a military sweep. The Irrawaddy says the government intends to keep the networks down until the situation stabilizes: locals are believed to phone information about government operations to insurgents. Foreign Policy notes that the Arakan Army, a major ethnic Rakhine Buddhist insurgent group, uses Facebook for coordination and inspiration.
Finite State studied the supply chain and found Huawei gear unusually buggy. It doesn't say the bugs were deliberate, but the report casts doubt on whether Huawei's low prices represent the best value.
Researchers at Netskope track a spam campaign that's distributed LokiBot and NanoCore since April. The phishbait is a diffident notice about an overdue invoice, with the payload delivered as an attached ISO file (a disk image). LokiBot checks for web or email servers, locates email and file transfer credentials, and detects popular remote administration tools. NanoCore is a remote access Trojan.
ProPublica reports that Emsisoft, in an investigatory sting, found that ransomware recovery service Red Mosquito would pay the ransom, and then charge the customer four times that amount for its services. Emsisoft objects mostly to the lack of transparency: there might be times you'd pay ransom, Emsisoft says, but you should be clear that that's what you're doing.
Today's issue includes events affecting Argentina, Australia, Brazil, Canada, China, Estonia, European Union, France, Germany, India, Indonesia, Iran, Israel, Italy, Japan, Luxembourg, Mexico, Myanmar, Russia, Saudi Arabia, South Africa, South Korea, Turkey, United Kingdom, United States.
Bring your own context.
Somebody on Tor was looking for open RDP ports shortly after the BlueKeep vulnerability was announced and patched. Why?
"But they're building up their list of places to go once they have that exploit and that software written. And if I were going to do this, I would make that list available to the software somehow. I'm not going to waste time scanning for machines with RDP open. I'm just going to go through the list of those I know are open."
—Joe Carrigan, of the Johns Hopkins University's Information Security Institute, on the CyberWire Daily Podcast, 6.24.19.
Modernizing security analytics and operations with SOAPA.
Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.
It's time to take a new approach to security analytics: explore how Devo can help evolve your SOC in this report by ESG.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour describes various trends they're tracking in Europe and the US, and how those trends differ from one another. Our guest is David Politis from BetterCloud with his take on today's biggest security concerns.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Attacks, Threats, and Vulnerabilities
US carried out cyberattack on Iranian backed militia (CNN) The US military conducted a major cyberattack on an Iranian proxy group with forces in Iraq, Syria and inside Iran in the days after Iran shot down a US drone last week, according to two US officials with knowledge of what happened.
Iran Denies Being Hit by US Cyber Attack (SecurityWeek) Iran claims no cyber attack against the Islamic republic has ever succeeded, after American media reported the US launched one last week amid a standoff between the two countries.
LokiBot & NanoCore being distributed via ISO disk image files (Netskope) Netskope Threat Research Labs has been tracking multiple similar malspam campaigns that began in April 2019. The spam campaign contains an ISO image file as an attachment containing the next level payload. This blog post details both the campaign and the payload. MalSpam Campaign: The malspam campaign began in April 2019, with a generic message …
The Next Generation of Criminal Financing (Terbium Labs) Payment fraud is used to launder money for organized crime syndicates, subsidize the costs of trafficking in drugs, guns, and humans, and provide material support for terrorist groups.
Tracing the Supply Chain Attack on Android (KrebsOnSecurity) Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices.
Finite State Supply Chain Assessment (Finite State) Read our large-scale study of the cybersecurity-related risks embedded within Huawei network devices, done by analyzing their firmware at an unprecedented scale.
Notice of Data Security Incident (Dominion National) Safeguarding the privacy of your personal information is a top priority for us, and we make every effort to protect your information. Despite these efforts, Dominion National experienced a data security incident.
Putting a value on the 50x coder (Fifth Domain) The Pentagon's best coders address problems unburdened by traditional thinking, in innovative ways, maximizing the dual-purpose of digital tools, and can generate decisive cyber effects. So how should the Pentagon protect them?
Huawei says two-thirds of 5G networks outside China now use its gear (TechCrunch) As 5G networks begin rolling out and commercializing around the world, telecoms vendors are rushing to get a headstart. Huawei equipment is now behind two-thirds of the commercially launched 5G networks outside China, said president of Huawei’s carrier business group Ryan Ding on Tuesday at a…
Ransomware Recovery Firm Caught Wanting to Pay Off Hacker (PCMAG) A sting operation from a security researcher has uncovered evidence that a ransomware recovery provider in the UK has been paying off the hackers to release the computers — and then charging clients an inflated fee.
Code Dx and AdaCore Partner to Provide an Ada Application Security Testing Toolsuite (West) Code Dx, Inc., provider of an award-winning application security management solution that automates and accelerates the discovery, prioritization, and risk management of software vulnerabilities, today announced its partnership with AdaCore, a trusted provider of software development and verification tools for the Ada, C, and C++ programming languages.
NeuVector adds container runtime security to AWS infrastructure (SiliconANGLE) Container network security firm NeuVector Inc. today said it’s integrating its security tools with some of Amazon Web Services Inc.’s public cloud infrastructure services to help companies running Kubernetes workloads better protect those deployments.
Facebook’s searchable political ads archive is now global (TechCrunch) Facebook has announced it’s rolled out a basic layer of political ads transparency globally, more than a year after launching the publicly searchable ads archive in the US. It is also expanding what it dubs “proactive enforcement” on political ads to countries where elections or r…
Why We Wrote the World’s First Cyber Breach Communication Playbook (LinkedIn) When we looked at how 14 large organisations managed the fallout from a major cyber breach – the media coverage and public perception – what we saw was not pretty. As the former head of Australia’s Internet Industry Association for nearly 15 years, I’ve struggled with
G20 leaders urged to embrace cryptocurrency regulation (IT-Online) G20 leaders must take decisive steps towards a multilateral cryptocurrency regulatory framework – failure to do so would be negligent. This is the message from Nigel Green, chief executive and founder of deVere Group, speaking ahead of the G20 summit taking place in Osaka, Japan, this week. He comments: “Due to the astonishing and quickening …
UK law review eyes abusive trends like deepfaked porn and cyber flashing (TechCrunch) The UK government has announced the next phase of a review of the law around the making and sharing of non-consensual intimate images, with ministers saying they want to ensure it keeps pace with evolving digital tech trends. The review is being initiated in response to concerns that abusive and of…
NSA Improperly Collected U.S. Phone Records a Second Time (Wall Street Journal) The National Security Agency collected data about calls and text messages that it wasn’t authorized to obtain last year, in a second such incident, renewing privacy concerns about its phone-surveillance program.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
10th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 4 - 5, 2019) This year's theme is, "Reinventing Cybersecurity: Addressing Tomorrow's Top Cyber Challenges." The summit has become the world's leading summit on government cybersecurity. It will convene again U.S. and...
CyberCon 2019 (Anaheim, California, USA, November 19 - 20, 2019) CyberCon 2019 targets executives, leaders and decision makers from the power and utilities and cybersecurity industries, including CEOs, CFOs, COOs, CSOs and CISOs, as well as national security advisors,...
Insider Threat Program Management 360 Training Course (Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...
GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...
Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...