March 7, 2019.
RSA Conference 2019
We attended a pitch competition yesterday morning, which Maryland's Department of Commerce organized in Venable's offices not far from the Moscone Center. Ten international start-ups pitched a panel of venture capitalists and other experts on investment in the security sector. At stake were preferential terms for tenancy at bwtech@UMBC, a start-up incubator in Baltimore County among whose specialties is providing a place from which young companies from outside the US can gain some perspective on US markets.
The panelists selected a winner and two runners-up. The third runner-up was Enigmedia, which provides privacy solutions based on a proprietary encryption system. Their principal interest in the market isn't, however, in protecting personal information, but rather in contributing to the security of industrial control systems, where they believe their low-latency solution has particular applicability. Placing second was CyberMerc, whose market is the under-served small and medium enterprise. They offer a mesh defense network, and their solution involves providing a hardware appliance to help smaller businesses achieve a "comprehensive, visual, real-time performance overview and critical security control analysis." And Votiro placed first. Its File Disarmer security solution is designed to allow "safe and free use of data," with particular protection against unknown threats.
By the CyberWire staff
Microsoft told the Wall Street Journal that an Iranian cyberattack campaign hit more than 200 companies over the past two years. The attacks targeted oil-and-gas companies and heavy machinery makers in a number of countries, causing hundreds of millions of dollars in damages. The group sent phishing emails to more than 2,200 people at these companies. Microsoft attributes the attacks to Holmium, also known as APT33.
CrowdStrike says criminals using GandCrab ransomware have exhibited a recent shift in tactics. They’re now using techniques more often associated with nation-state APT groups, such as manual lateral movement within networks. These observations are consistent with a recent advertising campaign by GandCrab’s developer, Pinchy Spider, which was aimed at individuals with knowledge of Remote Desktop Protocol, Virtual Network Computing, and corporate networking. The shift suggests that Pinchy Spider and its affiliates are hoping to maximize their revenue by launching the type of low-volume/high-return attacks used by sophisticated threat actors.
Trend Micro describes a new type of information-gathering malware that communicates with the attacker via a private Slack channel. The researchers "believe with strong confidence that it was part of a possible targeted attack campaign," noting that the attackers, who were very sophisticated, "clearly show a strong interest in person-related information."
TechCrunch notes that Huawei filed its lawsuit against the US Federal government last night, claiming the ban on its products from government use is unconstitutional.
Google’s latest Chrome update contains a patch for a high-severity use-after-free flaw that’s being actively exploited in the wild.
Today's issue includes events affecting Australia, China, European Union, Iran, Russia, Singapore, United Kingdom, United States.
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.
UltraHack: The Security Risks of Medical IoT (Check Point Software Blog) IoT devices make our lives easier. Smart home technology, for example, can help users improve energy efficiency by enabling them to turn appliances on and off with the tap of a touchscreen. Likewise, organizations across all industries have also rapidly adopted them to improve operational efficiency. However, in our recent report into Cloud, Mobile and…
New SLUB Backdoor Uses GitHub, Communicates via Slack (Trend Micro) We discovered a malware that uses three different online services -- including Slack and GitHub -- as part of its routine. Analysis of the attacker's tools, techniques, and procedures lead us to believe that this might be a targeted attack from very capable threat actors.
Scammers Use Cheap and Squatted Domains to Create Fake Sites (Zscaler) Zscaler security research observed development of scam campaigns in which bad actors are making use of cheap domains, registering them in bulk, and scamming people in an attempt to generate revenue. In this blog, we will cover a few of such campaigns.
Iranian Hackers Have Hit Hundreds of Companies in Past Two Years (Wall Street Journal) Cyberattacks linked to Iranian hackers have targeted more than 200 companies over the past two years, Microsoft said, part of a wave of computer intrusions from the country that researchers say has hit businesses and government entities around the globe.
Hackers Revive Microsoft Office Equation Editor Exploit (BleepingComputer) Hackers used specially-crafted Microsoft Word documents during the last few months to abuse an Integer Overflow bug that helped them bypass sandbox and anti-malware solutions and exploit the Microsoft Office Equation Editor vulnerability patched 15 months ago.
Unpatched UPnP-Enabled Devices Left Exposed to Attacks (BleepingComputer) Outdated software on UPnP-enabled devices exposes them to attacks designed to exploit a wide range of vulnerabilities found in UPnP libraries used by various daemons and servers reachable over the Internet.
Internet of Termites (AT&T Cybersecurity) Termite is a tool used to connect together chains of machines on a network. You can run Termite on a surprising number of platforms including mobile devices, routers, servers and desktops. That means it can be used to bounce a connection between multiple machines, to maintain a connection that otherwise wouldn’t be possible. Termite is a useful networking and penetration testing tool, but we’re seeing it used in attacks to enable access to machines too. There has been little
PXE Dust: Finding a Vulnerability in Windows Servers Deployment Services (Check Point Research) Many large organizations use Windows Deployment Services (WDS) to install customized operating systems on new machines in the network. The Windows Deployment Services is usually, by its nature, accessible to anyone connected via a LAN port and provides the relevant software. They determine the Operating System as well as...
You Think That's Air You're Breathing? (Capsule8) An Exercise in Practical Container Escapology Introduction Containerization has revolutionized how software is developed and deployed, by providing powerful specificity and control for devs and ops alike. By isolating software …
Do Not Despair, Good Privacy Days Ahead (Decipher) The future of privacy is neither futile nor pretty good. New regulations are on the way, but there will also be more challenge about rampant surveillance, ACLU tech fellow Jon Callas said.
Mobile World Congress 2019: A payments perspective (Rambus) Andre Stoorvogel, Director, Product Marketing, Rambus Payments For anyone attending Mobile World Congress last week, they have no doubt gone to bed dreaming of 5G networks and foldable smartphones. But dig a little deeper, and there was a lot more up for discussion (honestly). As always, the show offered insight into the big trends that …
2019 Global ICS & IIoT Risk Report (CyberX) A data-driven analysis of real-world vulnerabilities observed in more than 850 production ICS networks across all industrial sectors and 6 continents worldwide.
Control Systems Cybersecurity: A Grim Gap - A Conversation with Joe Weiss (Momenta Partners) In this week's IoT Podcast Ed Maguire speaks with Joe Weiss, Managing Partner of Applied Control Solutions and Managing Director of the ISA99 standards organization. He has a deep background in control systems security, and has been active in the cyber security community for decades.
Mobile Security Report (Pradeo) Results based upon the analysis of a sample of 3 million mobile applications and 500K mobile devices
Mark Zuckerberg discovers privacy (TechCrunch) With the swelling confidence of a colonial power happening upon a long-settled distant land, today Mark Zuckerberg discovered the concept of privacy. In a ballooning 3,225 words — a roughly average word count for the terminally verbose Facebook founder — Zuckerberg informed his miserably loyal 2.3 …
wolfSSL Announces FIPS-Ready Solution (PRWeb) wolfSSL, the leading provider of TLS cryptography and the world’s first commercial release of TLS 1.3, announces the wolfSSL FIPS-Ready solution! Federal Inf
Northrop Grumman Sponsors 2019 CyberCenturion Competition in London (Northrop Grumman Newsroom) LONDON – March 7, 2019 – Northrop Grumman Corporation (NYSE: NOC) welcomes some of the UK’s brightest 12-18 year olds to compete in the fifth National Finals of CyberCenturion, a nationwide cyber defence competition led by Northrop Grumman, in...
ISI’s Matt Green Receives $100,000 Google Security and Privacy Research Award (JHU Information Security Institute) Cutting-edge research plays a key role in advancing the security and privacy of users across the Internet. To accelerate the next generation of security and privacy breakthroughs, Google has created the Security and Privacy Research Awards. In February 2019, Google announced that Matthew Green, cryptographer and assistant professor at Johns Hopkins University’s Information Security Institute, …
GAO Report Finds Cyber Mission Force Training Gaps (MeriTalk) The Government Accountability Office recommended that the Department of Defense address training gaps at U.S. Cyber Command to maintain a properly trained Cyber Mission Force (CMF) in a report released today.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...
U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...
Zero Day Con (Dublin, Ireland, March 7, 2019) On March 7 2019, Zero Day Con will bring together leading technology firms, industry experts and government officials that will share insights for cybersecurity professionals grappling with the rise of...
CyCon 2.0 (Loudon, Virginia, USA, March 9, 2019) CyCon - cyber for the community is back with a full lineup of experts in the field of Cybersecurity to present on current topics or demo bleeding edge technologies to include the deep and dark web, securing...