March 13, 2019.
By the CyberWire staff
Indonesia is the latest country to say that its elections are coming under attack by Russian and Chinese actors, Bloomberg reports. The interference Jakarta claims it's seeing runs from influence operations to the creation of "ghost voters." Investigations into voter fraud are underway.
The US House of Representatives is holding hearings on election security. CISA Director Krebs is testifying today.
Venezuela's power crisis continues. Disputed president Maduro continues to blame US hacking for outages, Reuters and others say, and he's ordered US diplomats expelled (after the US already pulled them), but his story finds relatively few takers. Digital Journal has a summary of why cyberattack seems an unlikely explanation of grid failure. An account in WIRED of the difficulty of a black start, of bringing a dead grid back online, illustrates the consequences of infrastructure collapse.
A report to the Secretary of the Navy outlines the extent to which the US believes Chinese intelligence services have successfully prospected both the US Navy and the contractors who support it. The Wall Street Journal has an account.
Easily overlooked, perhaps because underwater, is that portion of the telecommunications infrastructure that takes the form of undersea cables. Those cables are proving a fresh field for Sino-American competition, says the Wall Street Journal, as Huawei's efforts to develop a pervasive share in that market draw attention. Australian authorities have for several years expressed reservations over Chinese companies' involvement in undersea cables.
Microsoft's patches yesterday addressed sixty-four issues, seventeen of them critical. Two fixed zero-days.
Today's edition of the CyberWire reports events affecting Australia, China, the European Union, India, Indonesia, the Democratic People's Republic of Korea, Russia, the United Kingdom, the United States, and Venezuela.
OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.
North Korean Hackers Behind $571M Crypto Heists Says UN Report (BleepingComputer) North Korean backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council.
Venezuelan 'cyber-attack' possible but unlikely, experts say (Digital Journal) Venezuelan President Nicolas Maduro's government has accused the United States of "cyber sabotage" to knock out the country's central hydroelectric complex and leave the nation largely without electricity since Thursday afternoon.
Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits (BleepingComputer) A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.
Plymouth weathers cyber attack (Republican-American) Mayor David V. Merchant said Tuesday the town’s municipal and police department computer systems are recovering well from last week’s cyber attack. The town has not lost…
Security Patches, Mitigations, and Software Updates
Patch Tuesday, March 2019 Edition (KrebsOnSecurity) Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint.
Siemens Industrial Products (Update M) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens. Equipment: Industrial Products. Vulnerability: Improper Input Validation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update L) published February 12, 2019, on the NCCIC/ICS-CERT website.
Siemens Desigo PXC (Update C) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: Desigo PXC. Vulnerability: Improper Authentication. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the advisory update titled ICSA-18-025-02B Siemens Desigo PXC that was published March 22, 2018, on the NCCIC/ICS-CERT website.
Siemens SIMATIC S7 (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 5.3. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC S7. Vulnerability: Resource Exhaustion. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-18-317-05 Siemens SIMATIC S7 that was published November 13, 2018, on the NCCIC/ICS-CERT website.
Dimension Data introduces next-generation managed services (IT-Online) Dimension Data has announced the launch of its next-generation global managed services to help clients simplify the management and operation of their technology. Dimension Data’s Managed Services Platform now offers near real-time insight and reporting, managing over 9 000 IP networks and supporting over 13 million users across the globe. Meeting increasing client demands, the …
The 12 Worst Serverless Security Risks (Dark Reading) A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
How Do Cryptographic/Digital Signatures in Bitcoin Work? | CaptainAltcoin (CaptainAltcoin) Digital signatures are a mathematical concept/technique used to verify the authenticity and integrity of information. In a manner similar to a handwritten signature or a stamped seal, digital signature is used to offer reasons to believe that a certain message/document was created by the designated sender. In many countries, including the United States, digital signatures …
NSA Software Can Help Secure the Supply Chain (Meritalk) The National Security Agency (NSA) and the Trusted Computing Group (TCG) industry consortium have come up with validation software that can be used with any device and could go a long way to securing the supply chain for computing devices.
Prospiracy Theories (Slate Star Codex) Last week I wrote about how conspiracy theories spread so much faster on Facebook than debunkings of those same theories. A few commenters …
Research and Development
How intelligent is artificial intelligence? (ScienceDaily) Scientists are putting AI systems to a test. Researchers have developed a method to provide a glimpse into the diverse 'intelligence' spectrum observed in current AI systems, specifically analyzing these AI systems with a novel technology that allows automatized analysis and quantification.
US military steps up cyberwarfare effort (San Francisco Chronicle) (The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.) Benjamin Jensen, American University School of International Service and Brandon Valeriano, Marine Corps University (THE CONVERSATION) The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process. It started with texts in October 2018.
DHS grapples with cyber enforcement (FCW) The Department of Homeland Security is increasingly using compulsory directives to spur federal agencies on cybersecurity improvements, but cyber enforcers are learning that success isn't built out of carrots and sticks.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Enfuse 2019 (Las Vegas, Nevada, USA, November 11 - 14, 2019) In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach, share and have fun while exploring...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
PCI Security Standards Council 2019 India Forum (New Delhi, India, March 13, 2019) You’re invited to a day of networking opportunities and educational sessions as the PCI Security Standards Council holds its first ever India Forum in New Delhi, India. You won’t want to miss our engaging...
Annual Cybersecurity Conference for Executives (Baltimore, Maryland, USA, March 13, 2019) Computer breaches seem to be increasing in frequency and severity around the world, causing the leadership of organizations large and small to assess whether they’re doing enough to protect their data.
SecureWorld Charlotte (Charlotte, North Carolina, USA, March 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...