Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
March 22, 2019.
By the CyberWire staff
Facebook has been logging hundreds of millions of user passwords in plain text for years on internal servers that were reportedly searchable by more than 20,000 Facebook employees, Brian Krebs said yesterday. Facebook said in a blog post that it plans to "notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" that their passwords were stored this way.
Finland's data protection ombudsman is investigating a potential data breach violation following a report that some Nokia 7 Plus smartphones developed by HMD Global were transmitting sensitive data to a Chinese server. NRK reported yesterday that every time one of the phones was switched on or the screen was unlocked, it sent an unencrypted data packet containing the phone's geographic location, SIM card number, and serial number to a server belonging to China's state-owned telecommunications company. HMD Global, a Finnish company that develops the Nokia-branded phones, told Reuters this was due to a glitch in the phone activation software which was patched last month.
Over 100,000 GitHub repos have leaked API tokens and cryptographic keys, according to ZDNet. Researchers from North Carolina State University scanned millions of public GitHub repositories looking for text strings that resembled API tokens or keys, and discovered more than 200,000 exposed keys spread across more than 100,000 projects.
The US Department of Homeland Security warned that the protocol used in certain Medtronic cardiac devices can be easily hacked from up to twenty feet away.
"Cloud computing” is fast becoming simply “computing.” Enterprises need cloud-style quality of service across their hybrid information and technology environments. Visit Coalfire and download the latest Gartner Report, “Predicts 2019: Increasing Reliance on Cloud Computing Transforms IT and Business Practices,” for insight into how cloud computing has grown from a delivery option to an all-encompassing strategy. Learn how businesses leverage the cloud for efficiency and innovation. Visit www.coalfire.com and download your copy today.
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th(Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Fake CDC Emails Warning of Flu Pandemic Push Ransomware(BleepingComputer) A new malspam campaign is being conducted that is pretending to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails are a malicious attachment that when opened will install the GandCrab v5.2 Ransomware on the target's computer.
2 in 1 Shopify and Paypal phishing scam(My Online Security) We see lots of phishing attempts for banking, Paypal and other login credentials. This is newer entry to the lists. I don’t often see Shopify phishing emails. I was quite suprised to see a double…
Telecom Crimes Against the IoT and 5G(Trend Micro) Telecommunications or telecom technology is the underpinning of the modern internet, and consequently, the internet’s growing segment, the internet of things (IoT). At its best, this relationship is exemplified as advances in network connectivity as we move to 5G. In our paper with Europol’s European Cybercrime Centre (EC3), “Cyber-Telecom Crime Report 2019,” we explore how this relationship can also be used to threaten and defraud the IoT.
Security Patches, Mitigations, and Software Updates
Cisco Patches High-Severity Flaws in IP Phones(Threatpost) The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
Is A Lack Of Cyber Due Diligence Putting Your Deal At Risk?(Forbes) Just as the FCPA drove investors to formalize their corruption due diligence programs, Europe’s GDPR and China’s Cyber Security Law--alongside a raft of new data protection regulations globally--are beginning to drive a requirement for cyber due diligence.
Instagram Testing Anti-Squatting Feature that Locks Old Usernames(BleepingComputer) Instagram is currently testing a new feature designed to automatically lock usernames for 14 days after the owners switch to a new handle, as discovered by mobile researcher Jane Manchun Wong in an Alpha version of the platform's Android app.
Is Facial Recognition the Key to Safe, Efficient Airports?(Government Technology) Documents obtained by the Electronic Privacy Information Center show that U.S. Customs and Border Protection plans to use facial recognition at 20 major international airports on 16,300 flights per week by 2021.
Teens Learn to Battle Cyber Threats(PR Newswire) At Learn4Life, a dropout recovery program for at-risk high school students, network security is a popular career pathway that introduces students to the fundamentals of computer networking, cyber security and applied cryptography.
Legislation, Policy, and Regulation
Pompeo: China threatens US-Israel intelligence sharing(Washington Examiner) China's investment in Israel could undermine intelligence-sharing and other cooperation between the United States and the major Middle Eastern ally, Secretary of State Mike Pompeo warned Thursday.
Gen. Dunford to meet with Google on AI work that 'benefits' China(FedScoop) The nation’s top uniformed officer fears that Google and other companies that work with China put the U.S.’s competitive advantage at risk. Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, said Thursday during an interview hosted by the Atlantic Council that he has a meeting scheduled with Google to discuss the company’s involvement with …
US slaps sanctions on 2 Chinese firms doing business with North Korea(CNN) The Trump administration on Thursday issued its first set of sanctions aimed at North Korea since the failed summit last month between Kim Jong Un and President Donald Trump, going after two Chinese shipping companies that have helped Pyongyang evade restrictions imposed by the US and United Nations Security Council.
Chesapeake Beach councilman charged with illegal wiretapping takes Alford plea(Maryland Daily Record) Former Maryland state police officer and current Chesapeake Beach Town Council member Stewart Cumbo was charged with illegal wiretapping after he recorded roughly 275 phone calls between July and November 2018 without notifying the other parties that they were being recorded, the Office of the State Prosecutor announced Thursday.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Mississippi College Cybersecurity Summit(Clinton, MIssissippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...
INTERPOL World 2019(Singapore, July 2, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
National Cyber League Spring Season(Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
OSSEC Open Source Security Conference(Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...
KNOW 2019(Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...
Cyber Security for Critical Assets Summit(Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.