March 1, 2019.
By the CyberWire staff
Varonis describes a major campaign to distribute Qbot banking malware. Qbot is polymorphic, and has evolved continuously since its discovery in 2009. Varonis says thousands of machines are now under Qbot's control.
The US Departments of Labor and Transportation are, Federal News Network reports, fighting spoofing attacks targeting the Departments' contractors.
Bug hunters may be viewed as the gig-economy portion of the cybersecurity sector. Both HackerOne and Bugcrowd have reports on that sub-sector, and HackerOne has an interview with the first bug-hunter to earn a million dollars in bug bounties.
US Cyber Command's action against Russian troll farms during the US midterm election cycle has been receiving generally favorable reviews, like this enthusiastic one from Jason Healey in the Cipher Brief. An op-ed in Lawfare, also positive, thinks that Cyber Command has made an enduring contribution by "clarifying the art of the possible."
A decision is due at any time, says Fortune, on whether Canada will extradite Huawei's CFO to the US to face charges related to money laundering and sanctions evasion. Reuters notes that the US shows no disposition to relent on its view of Huawei as a security threat. Huawei is defending itself on two fronts. First, it's pleading not guilty to charges of industrial espionage. Second, it continues to deny that it effectively operates as an arm of Chinese intelligence services. And besides, as the Verge reports, its chairman offers a tu quoque: what about all that US NSA and Cyber Command stuff we keep hearing about?
CYBERTACOS RSA (San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.
Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”
Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!
Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims (Varonis Blog) The Varonis Security Research team discovered a global cyber attack campaign leveraging a new strain of the Qbot banking malware. The campaign is actively targeting U.S. corporations but has hit networks worldwide—with victims throughout Europe, Asia, and South America—with a goal of stealing proprietary financial information, including bank account credentials. During the analysis, we reversed this strain of Qbot and identified the attacker’s active command and control server, allowing us to determine the scale of the attack.…
Cyber spoofing attack hits Labor, Transportation Departments (Federal News Network) In today's Federal Newscast, the cybersecurity firm Anomali Labs says it's found a malicious server hosting two separate phishing campaigns targeting government contractors looking to do business with the Labor and Transportation departments.
Fake Browser Updates Push Ransomware and Bank Malware (Security Boulevard) Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, Internet Explorer and Edge browsers). The message reads: “A critical error has occurred due to the outdated version of the browser.…
The Uncharted Territory Of M&A Cyber Risks (PYMNTS.com) Merger and acquisition (M&A) activity continues to accelerate as 2019 progresses, both in terms of volume and value of M&A deals. Deloitte research found 79 percent of organizations expect merger activity to grow in the coming year, up from 70 percent that said the same for 2018. While corporate mergers can drive business growth, they […]
U.S. approves Thales takeover of Gemalto with condition (Nasdaq) The U.S. Justice Department said on Thursday it was requiring Thales SA to divest its general purpose hardware security module (GP HSM) business in order for Thales to proceed with its proposed acquisition of Gemalto NV.
2019 Hacker Report (HackerOne) Welcome to the age of the hacker. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. We share some of their stories and celebrate their impact in this, the third annual Hacker Report.
Much Ado About the Cyber Skills Shortage (Council on Foreign Relations) Governments and industry like to talk about the 'cybersecurity skills shortage,' but does the shortage actually exist? And are countries adopting the right policies to address it?
Federal Council to create new cybersecurity competence centre (International Law Office) The Federal Council recently announced its intention to create a cybersecurity competence centre to provide a one-stop national point of contact for all cybersecurity issues. The plan is a response to requests from Parliament and the business community and is a step towards implementing Switzerland's national strategy for protecting against cyber risks.
Onapsis Technology to Be Used by IBM X-Force Red to Help Organizations Uncover Critical Vulnerabilities (Odessa American) Onapsis, the global leaders in ERP cybersecurity and compliance, today announced IBM Security’s team of veteran hackers, X-Force Red, will use its ERP technology to help organizations identify exploitable vulnerabilities in their business-critical applications. X-Force Red will use Onapsis’ ERP technology when performing vulnerability assessments and penetration testing against SAP and Oracle applications to help quickly uncover known and unknown vulnerabilities.
CenturyLink Debuts Threat Research Division (Channel Partners) The mission of Black Lotus Labs is to use CenturyLink's network visibility to help protect customers and keep the internet clean, and it does this by tracking and disrupting botnets like Necurs, a prolific and globally dispersed spam and malware distribution botnet which has recently demonstrated a hiding technique to both avoid detection and quietly amass more bots.
Be Careful: Gamification at Work Can Go Very Wrong (SHRM) Gamification is becoming known as a valuable technique that can change behavior and incentivize higher productivity, but HR managers should know that gamifying the workplace only succeeds when the game is thoughtfully designed to create many winners.
Nationwide Girls Go CyberStart competition (Terre Haute Tribune-Star) Indiana Gov. Eric J. Holcomb recently announced the 2019 Girls Go CyberStart challenge, a skills-based competition designed to encourage girls to pursue cyber-based learning and career opportunities. High school girls
Experts: US anti-Huawei campaign likely exaggerated (AP NEWS) Since last year, the U.S. has waged a vigorous diplomatic offensive against the Chinese telecommunications giant Huawei, claiming that any nation deploying its gear in next-generation wireless...
Trump’s Biggest China Test (Atlantic Council) The escalating U.S. global offensive against China's Huawei – the world's largest telecom equipment provider and second largest mobile phone manufacturer – provides an unsettling glimpse into the messy, high-stakes multibillion-dollar future of...
Hanoi Summit: Two Cheers for Donald Trump (Atlantic Council) It’s disappointing that a deal was not reached in Hanoi, but it’s good that US President Donald J. Trump walked away rather than signing a one-sided agreement. Agreeing to a total lifting of UN sanctions in return for only limited steps on...
Is the U.S. Using Sanctions Too Aggressively? (Foreign Affairs) The United States’ use of sanctions has exploded over the past decade. An analysis by the law firm Gibson Dunn found that President Donald Trump’s administration added nearly 1,000 people, companies, and entities to U.S. sanctions lists during 2017, nearly 30 percent more than the number added during former President Barack Obama’s last year in office.
US offers $1 million reward for information on Hamza bin Laden (FDD's Long War Journal) The State Department announced today that it is offering a $1 million reward for information on Hamza bin Laden's whereabouts. Hamza is the genetic and ideological heir of al Qaeda's founder and he has been groomed for a leadership position within the organization.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
OSSEC Open Source Security Conference (Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...
PCI Security Standards 2019 Latin America Forum (São Paulo, Brazil, August 15, 2019) Don’t miss the data security event of the year for the payment card industry. We provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...
G’Day USA US-Australia Dialogue on Cyber Security (San Francisco, California, USA, March 4, 2019) The 2019 G’Day USA US-Australian Dialogue on Cyber Security will be held in San Francisco in the margins of the annual RSA Conference, which attracts more than 45,000 cyber and digital industry leaders.
RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...