March 21, 2019.
By the CyberWire staff
Two Russian APT groups are targeting European NATO member states with ongoing cyberespionage campaigns ahead of the EU parliamentary elections in May, CNBC reports. Researchers at FireEye observed both large-scale and highly targeted phishing operations launched by Sandworm and APT28 against European government institutions, with the goal of stealing credentials. The two groups use different tools and techniques, but their efforts seem to be coordinated. They’re believed to have three primary objectives: stealing information and credentials for use in future attacks, gathering intelligence to give Russia a diplomatic advantage, and collecting information to assist in disinformation operations.
The FIN7 cybercrime group is still active, despite the arrests of several of its members last year. Flashpoint says the group is using two new strains of malware, which researchers have dubbed "SQLRat" and "DNSbot." The criminals are also using a new attack panel called "Astra," which acts as a script-management system for compromised computers.
A Lithuanian man pleaded guilty yesterday to scamming Facebook and Google out of $123 million over the course of three years, according to ZDNet. The man registered a company in Latvia that shared a name with a legitimate computer hardware manufacturer. He then used a variety of fraudulent invoices and contracts to trick Facebook and Google employees into wiring him millions of dollars at a time. Facebook is said to have lost $100 million from the scams, while Google lost $23 million.
Semmle discovered a now-patched critical denial-of-service vulnerability in Fizz, Facebook’s open-source implementation of the TLS 1.3 protocol.
And Hacking Humans is up. In this week's episode, "Kids are a great target," a listener recommends an online tool for safely previewing web sites. Dave shares research on what time of the work week is best for scams. Joe explains credential stuffing. Our guest is Frances Dewing, the CEO and co-founder of Rubica. They recently published a report on how crooks are accessing parents’ mobile devices via apps their kids load.
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Immortal information stealer (Zscaler) Zscaler security research team came across new information-stealer malware called "Immortal" which is written in .NET and designed to steal sensitive information. In this blog, we provide an analysis of the data Immortal steals from browsers, the files it steals and what it does with the stolen data.
Group-IB: hackers hit hard SEA and Singapore in 2018 (OODA Loop) Group-IB has released a new study that analyzes cybercrime activity in Southeast Asia, which the company describes as "one of the most actively attacked regions in the world." Last year, a total of 21 state-backed
Man steals stingray, threatens to leak nudes (SC Media) In a twisted tale of cyberbullying and theft, a man in Singapore was jailed after stealing a stingray and later threatening to leak his ex-girlfriend's nude photos.
1,600 Hotel Guests Secretly Live Streamed to 4,000+ Subscribers (BleepingComputer) Four individuals from South Korea were detained for secretly recording, live streaming, and selling spycam videos of 1600 motel guests between November 24 and March 2, with two of them being arrested and facing a maximum of five years in jail.
KB4493132 Update Notifies Windows 7 Users of End of Support Date (BleepingComputer) A new Windows 7 update called KB4493132 has been released and is used to display notifications that remind users that Windows 7 will reach its end of life starting on January 14th, 2020. These notifications contain a link that goes to a Microsoft page suggesting that users upgrade to Windows 10.
Trends in regulation, sector by sector. (The CyberWire) Iliana Peters, the former acting deputy director for health privacy at the Office for Civil Rights (OCR), agreed with Dr. Schneck’s point, made earlier in the day, that compliance doesn’t constitute security, but she believes that “nimble” regulations can be very useful.
The future of cyber in a pervasively connected world. (The CyberWire) John Forte, the Deputy Executive for Johns Hopkins University Applied Physics Laboratory’s Homeland Protection Mission Area, said that the role of the CISO will have to evolve in order to address the changing landscape of increasingly interconnected devices. He points to transportation, healthcare, buildings and cities, education, public safety as examples of sectors that are growing increasingly automated.
GDPR PII exposure can now be securely reported via Open Bug Bounty (OpenBugBounty Blog) Open Bug Bounty community is growing: we have over 400 [fee free] bug bounty programs running now, and over 300,000 fixed security vulnerabilities. To facilitate further sustainable growth and to help website owners spot accidental exposure of personal data (PII) on their websites in a timely manner, we implemented a new type of non-intrusive submission – GDPR PII Exposure.
Microsoft Defender comes to the Mac (TechCrunch) Microsoft today announced that it is bringing its Microsoft Defender Advanced Threat Protection (ATP) to the Mac. Previously, this was a Windows solution for protecting the machines of Microsoft 365 subscribers and assets the IT admins that try to keep them safe. It was also previously called Windo…
Flashpoint Introduces Innovative Approach for Use Case-Driven Intelligence (Flashpoint) Flashpoint introduces a new use-case driven approach to our packaged solutions that allows organizations to more effectively consume and automate threat intelligence. These offerings support traditional cybersecurity and operations use cases, as well as fraud, insider threat, corporate security, and third-party risk.
Deputy first minister flags up importance of Scottish cyber resilience (PublicTechnology.net) Scottish deputy first minister John Swinney says the threat of a category one cyberattack is one of the few things capable of keeping him awake at night. Swinney, who has responsibility for Scotland’s cybersecurity, has good reason to be worried, with the head of the UK’s National Cyber Security Centre warning that a major cyberattack on the UK is almost inevitable.
The case for cyber regulation. (The CyberWire) Bob Anderson, former FBI Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch, focused on the issue of encryption, explaining that the government needs to partner with the private sector to enforce the law while still ensuring the safety of citizens’ data.
The regulatory playing field. (The CyberWire) Dr. Phyllis Schneck, Managing Director of the Global Cyber Solutions practice at Promontory Financial Group, said that businesses need to focus on operational resilience rather than making compliance their only goal. “Compliance with regulation is not security,” Schneck said. While regulations can be a good start, they usually aren’t enough.
Russia doubles down on censorship with new 'fake news' and 'internet insults' law (Private Internet Access Blog) The Russian government has passed a new censorship law that allows it to target individuals and websites for such nondescript crimes as spreading “fake news” and “disrespecting” state symbols of figures – including Vladimir Putin. Specifically, Russia will be able to punish any person or site that “exhibits blatant disrespect for the society, government, official …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
INTERPOL World 2019 (Singapore, July 2, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
OSSEC Open Source Security Conference (Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...
KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...
Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...