March 14, 2019.
Fifth Annual Cybersecurity Conference for Executives
The CyberWire was at the Johns Hopkins University yesterday, attending the Cybersecurity Conference for Executives. The conference, organized by the Johns Hopkins Whiting School of Engineering and Ankura, concentrated on regulatory frameworks and trends, and on the sometimes surprising impact of national, international, and state regulations on businesses of all sizes. You may not think you're interested in GDPR (or for that matter HIPAA, or CCPA), but as several experts explained, they're interested in you. We'll have a longer report available later.
By the CyberWire staff
Indonesian authorities say, according to Reuters, that voting will go on as planned, that the government can handle any disruptions, and that, while there have been "probes" from a range of foreign IP addresses (including Russia and China, but not limited to these two), domestic finagling is probably more prevalent than any foreign influence attempts.
Trustwave warns of compromised Pakistani government sites serving keyloggers.
A significant number of attacks against corporate data are traceable to remote-access Trojans (RATs), many of which represent commodity malware traded in the criminal underground. Recorded Future today published an overview of RAT activity.
Proofpoint outlines how threat actors breach cloud accounts.
Kaspersky reports that a zero-day Microsoft patched this week, CVE-2019-0797, is being actively exploited by two espionage APTs, SandCat and FruityArmor. SandCat also uses CHAINSHOT malware and FinFisher/FinSpy.
Researchers at Check Point describe "Operation Sheep," in which Chinese IT and services firm Hangzhou Shunwang Technology is apparently scraping data (contact lists, geolocation, and QQ messenger login information) from Android phones via some twelve Android apps infected through a data analytics software development kit. The applications are available through third-party stores and seem mostly to affect users in China. Check Point thinks the app developers and the stores have been unaware of the data collection campaign.
Flashpoint researchers note an unusual point-of-sale campaign that's targeted mainly small and medium-sized businesses: DMSniff creates command-and-control domains using a domain generation algorithm. This makes the malware more resistant to domain takedowns by police or tech service providers.
Today's issue includes events affecting Algeria, Argentina, Australia, Bolivia, Chile, China, Colombia, Ecuador, India, Indonesia, Iran, Japan, Republic of Korea, Mexico, Pakistan, Russia, Saudi Arabia, Singapore, Sweden, Switzerland, Thailand, Turkey, United Kingdom, United States, Venezuela, and Yemen.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee shares some thoughts on the Venezuelan power outages. Our guest, Jeremy Tillman from Ghostery, discusses the California Consumer Privacy Act.
OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.
Talking to RATs: Assessing Corporate Risk by Analyzing Remote Access Trojan Infections (Recorded Future) Recorded Future analyzed network communications relating to a selection of RAT command-and-control servers across several malware families in order to profile targeted victim organizations and sectors. This report is based on data sourced from the Recorded Future® Platform, VirusTotal, Farsight DNS, Shodan, GreyNoise, and other OSINT techniques.
Chinese IT Services Giant Harvests Contacts, Tracks Users (BleepingComputer) Servers controlled by Chinese IT and services giant Hangzhou Shunwang Technology collect phone contact lists, geolocation, and QQ messenger login info through a data-stealing component present in up to a dozen Android apps available from major third-party stores in the country.
New Variant of Ursnif Targeting Japan (SecurityWeek) Japan is a common target for Ursnif, but the latest version, delivered by Bebloh, goes to increased lengths to ensure that the victim is indeed Japanese.
DMSniff Point-of-Sale Malware Silently Attacked SMBs For Years (BleepingComputer) A Point-of-Sale (POS) malware which uses a domain generation algorithm to create command-and-control domains on the fly was detected in attacks against small and medium-sized businesses for the past four years according to a team of security researchers from Flashpoint.
Update: Facebook, Instagram and Messenger were down for many users (TechCrunch) Update: Instagram has confirmed that service is now restored via a tweet sent in the early hours of this morning (CET)… Anddddd… we're back. pic.twitter.com/5E8UdlcsPJ — Instagram (@instagram) March 14, 2019 Facebook has yet to tweet confirmation of its return to stable uptime…
Facebook turns to Twitter to explain outages (CNN) Facebook, the world's largest social network, relied on Twitter on Wednesday to explain that its apps including WhatsApp and Instagram were experiencing outages around the world.
Ad Network Sizmek Probes Account Breach (KrebsOnSecurity) Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.
Cyber Attack Shuts Down Part of Public Defender Agency (NBC10 Boston) A cyber-attack has shut down part of Massachusetts' public defender agency—leaving thousands of attorneys unable to access their own network for weeks. The shutdown is causing a domino effect as some cases...
The “splinternet” is already here (TechCrunch) Keith Wright is a Villanova School of Business instructor of Accounting and Information Systems, founder of Simplicity On-Demand LLC and former Senior Vice President for Global Sales Operations for SAP. There is no question that the arrival of a fragmented …
The adversarial persuasion machine: a conversation with James Williams (TechCrunch) James Williams may not be a household name yet in most tech circles, but he will be. For this second in what will be a regular series of conversations exploring the ethics of the technology industry, I was delighted to be able to turn to one of our current generation’s most important young philosop…
How AI Will Rewire Us (The Atlantic) For better and for worse, robots will alter humans’ capacity for altruism, love, and friendship.
Cloudflare Raises $150 Million (SecurityWeek) Internet performance and security firm Cloudflare raises $150 million in new funding round. The money will be used to extend product ranges and continue international expansion.
Jamaica Plain Resident Named Boston’s First-Ever Chief Information Security Officer (Jamaica Plain News) Jamaica Plain's Gregory McCarthy was recently named Boston's first-ever Chief Information Security Officer, and will lead the city's cybersecurity team. "I'm proud to welcome Gregory to a leadership position in our Department of Innovation and Technology, which works to utilize technology in the best and smartest ways possible to make residents' lives better," said Boston Mayor Marty Walsh via […]
American firms need to be aware of GDPR guidelines (Maryland Daily Record) Rick Arthur, chief information technology and security officer at Hartman Executive Advisors, said American companies need to be aware of the European Union’s GDPR guidelines. A recent $57 million fine of Google for alleged violations of personalized data is the best reason yet for U.S. organizations to finally pay attention to the EU’s new General Data Protection Regulation (GDPR), according to Rick Arthur, chief information technology and security officer at Hartman Executive Advisors in Timonium.
Protecting applications against DFA attacks (Help Net Security) There are several steps you can take to ensure that you are doing as much as possible to defend against DFA attacks. Learn more in this article from Arxan.
What Government Leaders Need to Know About Managed Services (Via Satellite) In exploring whether to move forward with a managed services model for satellite communications acquisition, certain circles of government leadership have expressed some reservation, which essentially reflects uncertainty or even fear of the unknown — if I do not own it, I cannot “control” the availability,
Inside Tufts University’s grade-hacking case (TechCrunch) This week, security reporter Zack Whittaker discussed his exclusive report about Tufts University veterinary student Tiffany Filler who was expelled on charges she hacked her grades. Being Canadian and therefore in the U.S. on a student visa, she had to immediately leave the country.
US military steps up cyberwarfare effort (GCN) Cyber Command's campaign against the Russian Internet Research Agency indicates a priority shift from reacting to electronic intrusions into military networks to engaging in active operations that seek to stop enemies from achieving their objectives.
Regulate to Liberate (Foreign Affairs) In a world increasingly driven by the ability of private companies and governments to collect vast amounts of personal data online, the European Union's ambitious new data rules enshrine data privacy as a fundamental right rather than a luxury.
SBA Cyber Awareness Act (Office of Senator Rubio) The SBA Cyber Awareness Act, introduced by Senator Rubio and Senator Ben Cardin, works to ensure that the information technology (IT) systems at the U.S. Small Business Administration (SBA) are protected from cyber criminals by...
Small Business Cyber Training Act (Office of Senator Rubio) The Small Business Cyber Training Act, introduced by Senator Rubio and Senator Jeanne Shaheen, creates a program to train the counselors at the Small Business Development Centers (SBDCs) across the country in cyber strategy assistance by...
Release of Joint Assessments of Section 702 Compliance (IC ON THE RECORD) Today the DNI, in consultation with the Department of Justice, is releasing in redacted form the 18th Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the Attorney General and the Director of National Intelligence (“Joint Assessment”). The DNI is releasing this semiannual assessment proactively, in keeping with the Principles of Intelligence Transparency for the Intelligence Community (IC) (“IC’s Transparency Principles”).
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SecureWorld Charlotte (Charlotte, North Carolina, USA, March 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
2019 S&T Cybersecurity and Innovation Showcase (Washington, DC, USA, March 18 - 20, 2019) The 2019 S&T Cybersecurity and Innovation Showcase is a unique event for the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to introduce its funded research projects to...
OSSEC Open Source Security Conference (Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...