Gain helpful tips from industry experts. Get all 5 chapters of the insider's Guide to Incident Response in 1 eBook! Download your free copy today!
March 8, 2019.
RSA Conference 2019
RSAC 2019 is wrapping up today, and we finish our coverage with a few observations on the conference.
This year the underlying assumption of most of the discussions we've heard has been that security is increasingly focused on the cloud, and on the application layer. And, of course, one of the themes is the enduring importance of sound digital hygiene.
Listening to senior US Government participants in RSAC, it's clear that the US has come to view China, and not Russia, as the nation's most serious rival in cyberspace. Decades of mutually beneficial engagement in trade seem to have run their course, and the two countries have moved into a period of enduring competition.
And the inherent unpredictability of innovation will challenge strategists who wish to prepare for 5G.
By the CyberWire staff
Research from Recorded Future presents details on China's social media influence operations targeted at the West. The operations differ from Russia's influence campaigns based on the countries' different national goals. Russia's operations are primarily "disruptive and destabilizing," while China's are "largely positive and coordinated." Chinese information operations are meant, researchers say, to present an "overwhelmingly positive, benign, and cooperative image of China" to Western users. These campaigns don't show a large-scale interest in swaying foreign elections; rather, they focus on changing opinions about policies that are disadvantageous to China's goals. The researchers found that just two Chinese influence profiles on Instagram "reached a level of audience engagement roughly one-sixth as large as the entire Russian IRA-associated campaign targeting the United States on Instagram."
The Washington Times claims that the United States has begun conducting counter-cyberattacks against China in retaliation for Chinese cyberespionage. The US hacks are likely targeting trade secrets related to Chinese missile technology.
Amnesty International says the Egyptian government is responsible for a wave of spear phishing attacks that targeted activists within the country, ZDNet notes. Government-backed attackers created third-party apps to launch OAuth phishing attacks against victims' Gmail accounts. They also targeted Yahoo, Outlook and Hotmail users. The list of targeted individuals had "significant overlaps" with those targeted in a 2017 campaign which was also linked to Egyptian state-sponsored actors.
Security researchers found more than 808 million email records in an internet-connected MongoDB instance without a password. Millions of the records included sensitive personal information as well.
Today's issue includes events affecting Australia, Canada, China, Egypt, Germany, Hungary, Italy, Romania, United Kingdom, United States.
What if you could augment your security team by adding zero staff?
Cylance’s industry-leading security experts analyze your cybersecurity requirements and design solutions that meet and often far exceed objectives. Cylance secures our clients quickly using years of hard-won expertise, and world class artificial intelligence. Let Cylance help you achieve a state of ThreatZero, bolster your organization’s security posture, and zero in on what really matters.
XM Cyber is coming to RSA(San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.
OSSEC Con2019(Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.
RSAC 2019: Security and the unforeseeable consequences of technological advance(The CyberWire) Technological advance enables further innovation, and the consequences of such advance and the nature of the innovations that it makes possible are imperfectly predictable at best. 5G will provide an opportunity for governments and enterprises to think through security under conditions of uncertainty.
U.S. counters China cyberattacks(The Washington Times) American intelligence and military cyberwarriors have begun conducting counter-cyberattacks against Chinese intelligence and military targets, according to a U.S. official.
Tricks and COMfoolery: How Ursnif Evades Detection(Security Boulevard) Ursnif is one of the main threats that is effectively evading detection right now (at publication) The dropper uses a COM technique to hide its process parentage WMI is used to bypass a Windows Defender attack surface reduction rule Fast evolution of delivery servers means detection tools are left in the dark In February we The post Tricks and COMfoolery: How Ursnif Evades Detection appeared first on Bromium.
Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack(Imperva) A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel attack I named “Cross-Site Frame Leakage,” or CSFL …
Investment scam targets Instagram users(Hanahan Herald) Victims aged in their 20s have each lost an average of £8,900 after falling for investment scams that appear on image-sharing platform Instagram.
Cybersecurity firm Uniguest acquires Touchtown(CISO Magazine) Nashville-based Uniguest, a cybersecurity specialist in public space technology, recently acquired Touchtown, the living community engagement technology provider based outside of Pittsburgh.
How to Fight Disinformation While Preserving Free Speech(Atlantic Council) There are solutions “within the framework of our traditions of freedom of speech and free expression” to counter the spread of disinformation online, Daniel Fried, a distinguished fellow at the Atlantic Council, said at the Council’s Disinfo Week...
How Do You Defeat Disinformation? Tackle Demand, Not Just Supply(Atlantic Council) “Disinformation is a cause of democratic deterioration, but it is also a symptom of a much deeper disease affecting liberal democratic society,” according to Ana Palacio, a former Spanish minister of foreign affairs. Comparing the fight against...
Cryptography techniques must keep pace with threats, experts warn(SearchSecurity) Cryptography techniques are effective for protecting personal data, but maintaining the integrity of encrypted data and ensuring encryption is used wherever necessary remain challenges for experts in the field, who discussed these and other challenges at RSAC 2019.
No 'smoking gun' evidence coming on Huawei, NSA official says(CyberScoop) Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.”
GDPR: Still Plenty of Lessons to Learn(BankInfoSecurity) Nearly 10 months after the beginning of enforcement of the EU’s GDPR privacy regulation, organizations around the world are still learning plenty of compliance
New FBI Director, Same Message on Encryption(PCMAG) FBI Director Christopher Wray reiterates that law enforcement should have access to encrypted data, but acknowledges that privacy advocates are not trying to weaken national security.
Hungarian Judge OKs Extradition of Portuguese Hacker(SecurityWeek) A Portuguese man linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case will be extradited to his home country, a Hungarian court has ruled.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Spring Season(Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
RSA 2019(San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...
U.S. Commercial Service at RSAC2019(San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...
CyCon 2.0(Loudon, Virginia, USA, March 9, 2019) CyCon - cyber for the community is back with a full lineup of experts in the field of Cybersecurity to present on current topics or demo bleeding edge technologies to include the deep and dark web, securing...
PCI Security Standards Council 2019 India Forum(New Delhi, India, March 13, 2019) You’re invited to a day of networking opportunities and educational sessions as the PCI Security Standards Council holds its first ever India Forum in New Delhi, India. You won’t want to miss our engaging...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.