skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Military Times says the US cyber operations against Iran last week remains obscured by the "fog of war," as Iran denies the attacks had any effect, and some US officials say (on background) that yes, they did.

Refined Kitten, also known as Elfin or APT33, appears to have shifted its tactics after Symantec reported on the Iranian threat group's operations against Saudi targets. Recorded Future has observed the group shelving most of the domains it had used, and registering some 1200 new ones. About half of the newly-established domains are connected with StoneDrill, an upgraded Shamoon wiper.

Refined Kitten has shown an increased preference for commodity malware tools, especially remote-access Trojans. This is a sign of sophistication, not frugality or desperation: among other advantages, using commodity malware can render attribution murkier. APT33 also uses organizations outside the scope of their declared purposes, and the Nasr Institute, which Ars Technica describes as an organization that oversees Iran's computing and networking, seems to be one of Tehran's cyberattack crews.

Silex malware, which bricked large numbers of IoT devices until its command-and-control server went down yesterday afternoon, seems to be the work of three teenagers, Bleeping Computer reports, who glory in the noms-de-hack "Light The Leafon" (or "Light The Sylveon"), "Alx," and "Skiddy." Akamai looked at Silex and found that it worked against default passwords. The motive seems to have been a form of snobbery. The hackers wanted to preempt tiresome skids from exploiting poorly protected IoT devices for cash and bragging rights.

Notes.

Today's issue includes events affecting Belgium, China, Germany, Iran, Russia, Saudi Arabia, South Africa, United Arab Emirates, United Kingdom, United States.

Bring your own context.

Devil's pacts and allies of opportunity as Russia, Iran, and the US jockey for escalation dominance in cyberspace.

"So the Russians and Iranians are allied in certain areas of common interest. Militarily, I think that the alliance has been maybe a bit less pronounced and fairly weak, but, of course, in any time of conflict, that can change radically."

—Sergio Caltagirone, head of threat intelligence at Dragos, on the CyberWire Daily Podcast, 6.25.19.

Proverbially, the enemy of my enemy is my friend...sort of....

Modernizing security analytics and operations with SOAPA.

Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.

It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (dean of research and proprietor of the ISC Stormcast podcast) discusses how malware command-and-control channels make use of TLS. Tamika Smith speaks with Harrison Van Riper from Digital Shadows about their recent report, “Too Much Information: The Sequel,” outlining the increase in data exposure they've observed over the past year.

And Hacking Humans is up. In this episode, "Be wary of all emails," Dave shares the story of one Katie Jones, the fake online persona used to gain the confidence of high-status individuals. Joe describes the tragic case of Christine Lu, a Harvard Medical professor who was scammed out of her life savings. The Catch of the Day warns recipients not to trust the FBI. Carole Theriault interviews Akamai's Larry Cashdollar about scammers using Google Translate to obfuscate web sites.

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Iranian state hackers reload their domains, release off-the-shelf RAT malware (Ars Technica) As CISA warns of sharp rise in Iran hack attempts on US, researchers see same elsewhere.

Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says (CyberScoop) Recorded Future determined that APT33 or “a closely aligned threat actor” has used more than 1,200 web domains to conduct attacks since March 28.

Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations (Recorded Future) Insikt Group profiled an Iranian threat actor's domain and hosting infrastructure to identify recent activity and better understand the group’s TTPs.

Companies on Watch After US, Iran Claim Cyberattacks (Dark Reading) With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries - such as those in the oil and gas and financial industries - need to bolster their security efforts, experts say.

Analysis | The Cybersecurity 202: Here's how Iran disrupted U.S. businesses the last time it launched major cyberattacks (Washington Post) Including Sheldon Adelson's casino.

Stealing Clouds (Reuters) Reuters shows how Chinese hackers invaded myriad global companies, exposing entrenched weaknesses in Western cyber defenses.

US-Israeli cyber firm uncovers huge global telecom hack, apparently by China (Times of Israel) Cybereason says hackers focused on people working in government, law enforcement and politics, gathering private data over a number of years

Cyberespionage Collective Platinum Targets South Asian Governments (IEEE Spectrum) Kaspersky says the group used an HTML-based exploit that's almost impossible to detect

Huawei security: Half its kit has 'at least one potential backdoor' (ZDNet) Huawei's networking firmware is riddled with holes, according to a US security company.

Huawei products riddled with backdoors, zero days and critical vulnerabilities (SC Media) Huawei’s problems keep piling up as a security firm specializing in IoT devices found numerous vulnerabilities across the company’s entire product line.

User Security and Privacy Report Finds Vulnerabilities in Web Trackers and the Rise in Cross-border Data Transfers and Access to User Login Credentials (BusinessWire) Security and Privacy Report finds rise in cross-border data transfers, access to user login credentials across global industry websites

2019 User Security and Privacy Report (Feroot) Find out where unseen threats from third- and fourth party tools may jeopardize your business, security and compliance posture. Download the report now.

New Silex Malware Trashes IoT Devices Using Default Passwords (BleepingComputer) A teen coder and his team developed a new malware named Silex that bricked poorly protected IoT devices by the thousands in a short period of time.

Report: Code Responsible for Equifax Breach Downloaded 21 Million Times Last Year (Nextgov.com) The situation highlights the challenge of securing open source software, which underlies virtually every IT system in government.

State of Software Supply Chain 2019 Report (Sonatype) 2019 State of the Software Supply Chain Report reveals best practices from over 36,000 open source software development teams.

Google’s security efforts are falling short on mobile (Wandera) Google has enjoyed a long history of providing software that is aimed at protecting customers online. Google’s program for eradicating online threats involves the use of both manual and automatic scanners to trawl the internet to locate websites involved in phishing or malware activities.Part

How the U.S. Emergency Alert System Can Be Hijacked and Weaponized (Vice) With a pirate cell tower, it's easy to send fake emergency alerts warning of a terrorist attack, nuclear bomb, or other disaster.

Social engineering forum hacked, user data dumped on rival site (Naked Security) Social Engineered, dedicated to the “Art of Human Hacking,” was gutted, with 55,121 users’ details leaked on the same day as the hack.

The Rise of Silence and the Fall of Coinhive (Dark Reading) Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.

Medicare Supplement Data Breach: 5 million personal records exposed (Comparitech) MedicareSupplement.com exposed 5 million records containing personal information, including some medical details, to anyone with an internet connection.

Every year, millions of web domains are registered to defraud businesses (Help Net Security) The growth of fraudulent domains corresponds to the growth of the overall domain landscape, according the Proofpoint 2019 Domain Fraud Report.

Two US cities opt to pay $1m to ransomware operators (Posilan Ltd) A few days apart, two cities in Florida cave in to extortionists’ demands in hopes of restoring access to municipal computer systems To pay or not to pay ransomware attackers? And if I do pay up, will I get my data back? These have been some truly pressing questions not only for ransomware victims and, …

A third of companies would rather pay a hacker’s ransom, research reveals (PrivSec Report) The Risk:Value Report 2019, by NTT Security, examined the attitudes of more than 2,200 non-IT decision makers to risk and value of cybersecurity to the business across 20 countries. The findings revealed cybersecurity threats are at the top of the agenda for business leaders, with cyber attacks (43%) on the top, followed by data loss …

Security Patches, Mitigations, and Software Updates

VLC media player gets biggest security update ever (Naked Security) Maintainers of the world’s most popular open source media player, VLC, has issued the biggest single set of security fixes in the program’s history.

Use Gmail at work? Now you get security sandbox to fight 0-day threats, ransomware (ZDNet) G Suite gains more phishing protections, including security sandbox and 'confidential mode' self-destructing email.

Google delivers new G Suite security tools (Help Net Security) Google has announced several new security tools for G Suite admins and users, as well as a new 2FA option: one-time security codes based on security keys.

Microsoft OneDrive users get an even more secure Personal Vault (Help Net Security) By the end of the year all users of Microsoft's OneDrive service will get a Personal Vault, with added protection for especially sensitive files.

Cyber Trends

Unitrends’ Fifth Annual Cloud and Disaster Recovery Survey Reveals Data Loss Remains Stubbornly High | Kaseya (Kaseya) Findings detail challenges and opportunities organizations face in protecting data in the cloud, on-premises, and in SaaS applications such as Office365

Data Protection, Cloud, and Proof DRaaS Delivers – Unitrends 2019 Survey Results (Unitrends) For the fifth year in a row, Unitrends conducted a survey on the state of data backup, recovery, DRaaS, and the increasing use of the cloud for data protection. More than 400 respondents from organizations of all sizes and industries took part.

Construction SMEs most at risk from phishing attacks (TechHQ) Relying chiefly on human naivety, phishing scams are becoming more sophisticated and difficult to detect by the day. Regardless of how many security tools

Employees Within Hospitality Industry Are The Most Prone To Phishing Attacks (Information Security Buzz) Today, KnowBe4,  the provider of the world’s largest security awareness training and simulated phishing platform, has released its Phishing By Industry Benchmarking Report 2019 which found, amongst large organisations, those within the Hospitality industry have the highest Phish-Prone Percentage (PPP) of 48 percent and were the most likely to fall victim to a phishing scam. In comparison, employees …

Marketplace

Huawei says it doesn't cooperate with Chinese military — after report says its employees did (CNBC) Huawei's legal chief told CNBC that the company makes "solutions for civil use."

The State of Cybersecurity Hiring (Burning Glass Technologies) The number of cybersecurity job postings has grown 94% since 2013, three times faster than IT jobs overall. But a talent gap persists.

Extreme Networks to Acquire Aerohive Networks (PR Newswire) Extreme Networks, Inc. (Nasdaq: EXTR), a software-driven networking company, and Aerohive ...

Accenture to acquire Australian cyber firm BCT Solutions (Which-50) Accenture has signed a deal to acquire local cybersecurity and technology company BCT Solutions. The company specialises in command and control,

EZShield unveils new name as combined company with IdentityForce (Maryland Daily Record) EZShield and IdentityForce will be combined under a new name -- Sontiq -- the two cybersecurity companies announced Wednesday. Maryland-based EZShield acquired the Massachusetts-based Identity Force last year. The new combined company will be based in Nottingham, Maryland.

CRN Australia - Connecting the Australian Channel (CRN Australia) CRN Australia provides technology news, channel news and tools for VARs, technology integrators, computer consulants and resellers.

Christopher Bailey appointed CEO of NuData Security (MasterCard Social Newsroom) NuData Security today announced that Christopher Bailey, senior vice president and chief technology officer, has been appointed CEO of NuData and executive vice president of EMV/Digital Devices at Mastercard.  Christopher’s appointment follows the retirement of Michel Giasson, who served as CEO of NuData for the last 12

Products, Services, and Solutions

Veristor and OneLogin Partner to Build Secure, Seamless Experiences for Customer Enterprises (Veristor) #Veristor and #OneLogin will Deliver a Unified Access Management Platform for Simple and Secure Access to Applications and Data, Anytime and Everywhere.

Acuant Incorporates Machine Authentication of KINEGRAM® Security Features in Travel Documents (Acuant) Acuant announced its partnership with OVD Kinegram to incorporate the Kinegram Optical Machine Authentication in AssureID™ document authentication services.

Moody's, Israel's Team8 to create cyber risk standard for businesses (Reuters) Ratings agency Moody's Corp and Israeli cyber group Team8 launched on Thurs...

Anonymous VPS Hosting Provider BitLaunch Releases DDoS Protection and Privacy Product (PR Newswire) BitLaunch announces release of a new remote DDoS protection product for customer servers, providing 500gbit+/s...

Technologies, Techniques, and Standards

The Cloud Risk Surface Report (RiskRecon) The Cloud Risk Surface Report: sign up to be the first to receive a copy of this new report.

CIS Controls Internet of Things Companion Guide (Yahoo) New Resource Helps Organizations Apply the CIS Controls to the loT EAST GREENBUSH, N.Y. , June 27, 2019 /PRNewswire/ -- Internet of Things (IoT) devices aren't just invading our homes; these smart, connected ...

​​Unisys Security Experts Offer "Top 10 Safety Tips for Big Events" in Advance of Summer Events Season (Unisys) Unisys Corporation (NYSE: UIS) today announced its Top 10 "Tips to be Security Savvy at Big Events" in the wake of a new survey showing Americans are fearful of both physical and cyber attacks at large-scale events just as the summer event season gets underway.

Design and Innovation

Buried in Facebook's Libra White Paper, a Digital Identity Bombshell (CoinDesk) Buried in Facebook’s Libra white paper are two sentences hinting the project's ambitions go even further than minting a global currency.

Google creates educational tools to help kids spot fake news (Naked Security) Google has expanded its internet safety guide for children with techniques and games to help them be more info-literate online.

Humans are 'better than AI' at discovering vulnerabilities - say humans (SC Magazine) A new research survey claims that humans are still in the driving seat of vulnerability research when compared to ML/AI tools - AI yet to claim a bug-bounty.

Academia

Get the Lowdown on the Logos! (Wicked6 Cyber Games) Now that June has arrived, the Wicked6 team has shifted into high gear. This month marks the start of the Wicked6 tournament, and we’ve already passed many milestones.

Legislation, Policy, and Regulation

Top cybersecurity official: U.S. should employ "range of tools" against active adversaries (CBS News) The U.S. government should leverage a diverse array of retaliatory and response measures as cyberattacks become more pervasive, according to Chris Krebs

Use Of Cyber War As Force Multiplier In US-Iran Escalation – OpEd (Eurasia Review) The US-Iran relations have escalated since the withdrawal of the United States of America from the Iran nuclear deal. This resulted in harsh sanctions exacerbating the sharp decline of Iran’s econo…

UAE data protection law, similar to GDPR, likely landing this year (TechRadar) National Cybersecurity Strategy to be executed in a three-year timeframe with 60 initiatives

OPINIONISTA: South Africa takes a quantum leap and joins the race (Daily Maverick) Quantum technologies are exploding and no longer the purview of laboratory experiments only. The race is on for governments and private industries to adopt its most promising and robust ideas into applications. Already a billion-pound (R18-billion) industry in the UK, most developed countries and a few BRICS states have already invested millions of euros in quantum technologies. Should South Africa follow suit?

Huawei Gets New Pressure From Congress as Trump Prepares to Meet Xi (Bloomberg) Senate resolution designates Huawei a risk to U.S. security. Measure calls for more pressure on allies, including Germany.

China to Insist U.S. Lifts Huawei Ban as Part of Trade Truce (Wall Street Journal) Chinese President Xi Jinping plans to present President Trump with a set of terms the U.S. should meet before Beijing is ready to settle a market-rattling trade confrontation, raising questions of whether the two leaders will agree to relaunch talks.

Mark Zuckerberg: We can't stop Russian election interference by ourselves, US government must help (CNBC) "As a private company we don't have the tools to make the Russian government stop," Facebook CEO Mark Zuckerberg said at the Aspen Ideas Conference on Wednesday. "We can defend as best as we can, but our government is the one that has the tools to apply pressure to Russia, not us."

Facebook CEO Mark Zuckerberg on election interference: Feds have 'tools to apply pressure to Russia, not us' (USA TODAY) Breaking up Facebook, Mark Zuckerberg said Wednesday, wouldn't solve issues of misinformation, privacy or election interference.

Mark Zuckerberg says Facebook is 'evaluating' deepfake policy (Mashable) Facebook may soon have new rules for "deepfakes."

Senators spar with Google exec over use of 'persuasive technology' (TheHill) Lawmakers expressed disbelief on Tuesday when a Google executive told a Senate panel that the company does not use persuasive techniques targeted at its users.

Pelosi: Congress will receive election security briefing in July (TheHill) Speaker Nancy Pelosi (D-Calif.) announced Wednesday that Congress will receive an election security briefing from administration officials next month, as Democrats put pressure on Senate Majority Leader Mitch McConne

CIOs See End of ‘AI Gone Wild’ in Congressional Hearings (Wall Street Journal) Chief information officers this week are keeping a close eye on federal hearings concerning misinformation and malicious activity in social media—fearing a broader regulatory clampdown on the use of artificial intelligence.

INSA Paper Examines Impediments to Security Reciprocity, Offers 14 Policy and Process Improvements (INSA) Delays caused by inefficiencies in security reciprocity, the process of “passing” a worker’s clearance from one agency to another, result in the estimated loss of 1,000 contractor labor-years at a cost of approximately $2 billion to the Intelligence Community and upwards of $8 billion across the Federal Government each year, according to a new INSA white paper.

Should states band together to buy cybersecurity services? (Fifth Domain) State governments face the same cybersecurity threats that menace the federal government and the private sector. But when it comes to defending against those threats, state resources are comparatively scarce.

State, local governments urged to toughen cyber defenses (Maryland Daily Record) The city of Baltimore website on June 4 reflected the damage done by malware attack discovered a month earlier.

Paying a Hacker’s Ransom Shouldn’t Be a Crime (Bloomberg) A federal law outlawing the practice would be a very bad idea.

Litigation, Investigation, and Law Enforcement

'Decade of negligence': Feds fail to protect Americans' info, report says (ABC11 Raleigh-Durham) Several major federal agencies that collect vast amounts of personal data about American citizens routinely failed to adequately protect it, a congressional report says.

The Daily 202: Five things to watch when Bob Mueller testifies (Washington Post) The next fight will be whether the former special counsel’s deputies also testify.

Hacker threw Molotov cocktail, dropped USB drive of his DDoS deeds (Naked Security) Those things drop out of pockets at the worst times. Like, say, when you’re hurling a bomb at a brick-and-mortar that you’ve also DDoSed.

Black Market T-Mobile Location Data Tied to Spot of a Triple Murder (Vice) In 2017, two bounty hunters and a fugitive died in a chaotic shoot-out. Shortly after their deaths, someone started tracking one of the bounty hunter's phones.

Google and the University of Chicago Are Sued Over Data Sharing (New York Times) The lawsuit demonstrates the tension between building A.I. systems and protecting the privacy of patients.

McAfee sues ship-jumping sales staff over trade secret theft allegations (Register) Complaint claims rival Tanium's hires took deal data with them

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...

PCI SSC 2019 Asia-Pacific Community Meeting (Melbourne, Australia, November 20 - 21, 2019) The PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry...

Upcoming Events

GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...

5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...

Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...

Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.