March 28, 2019.
By the CyberWire staff
Symantec describes the activities of "Elfin," an Iranian group that's working against targets in Saudi Arabia and the US. Elfin's targets have been drawn largely from the "engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors." Symantec calls the group agile and active, and notes that it operates by scanning for vulnerable websites against which it deploys a range of commodity and custom-built tools. SecurityWeek notes that FireEye tracks the group as APT33. Neither Symantec nor FireEye thinks Elfin is the group responsible for the 2018 wave of Shamoon attacks, although Elfin and Shamoon's targets have shown some overlap.
Microsoft yesterday took down a different Iranian APT by seizing ninety-nine websites the group (which Microsoft calls "Phosphorus" and others call "Charming Kitten" or "APT35") used to stage attacks.
Newsweek and others report that a small contingent of Russian troops, two planeloads, arrived in Venezuela with the avowed purpose of assisting the Chavista regime in recovering from what Caracas maintains is a wave of cyberattacks and sabotage that have crippled its electrical grid. The Russian troops are said to include both special operations forces and cyber operators. Few credit the Maduro regime's hacking allegations, but that's their story and they're sticking to it. As the Military Times observes, the US wants the Russians out, and the Russians say they're staying.
The Wall Street Journal, citing court records and defense counsel's statements, reports that former NSA contractor Hal Martin is today expected to plead guilty to charges involving theft of classified material.
Today's issue includes events affecting Australia, Belgium, China, Czech Republic, European Union, Iran, Israel, Jordan, Morocco, NATO/OTAN, Russia, Saudi Arabia, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States, and Venezuela.
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
AZORult Variant Can Establish RDP Connections (SecurityWeek) A C++ variant of the AZORult data stealer includes the ability to establish a remote desktop connection to compromised devices, Kaspersky Lab’s security researchers have discovered.
Power Outages in Venezuela Continue Under Maduro’s Leadership (Accuracy in Media) Political, social, and economic tensions continue to grow in every Venezuelan city and town. On Monday, the country’s main hydroelectric dam suffered another power outage.
The blackout left almost 91 percent of Venezuela without an Internet connection.
As ironic as it is, Nicolas Maduro’s regime
Security Patches, Mitigations, and Software Updates
ASUS Patches Hijacked System Update Utility (SecurityWeek) ASUS has released a fix for the Live Update utility exploited by threat actors in the Operation ShadowHammer supply chain attack to deliver malware to hundreds of users.
NSO Group responds to spyware abuse allegations with spin (CPJ) Entering the terms “NSO Group,” “journalists,” and “spying” into a Google search from a workstation in New York City recently produced a sponsored search result at the top of the page. The NSO Group manufactures some of the world’s most sophisticated and high-profile spyware, and its sponsored link invites...
MoFo, O’Melveny Shape $1.07B Semiconductor Merger (Law360) ON Semiconductor on Wednesday agreed to buy WiFi chipset maker Quantenna Communications for roughly $1.07 billion, with ON saying the acquisition stands to strengthen its ability to serve the industrial and automotive markets, in a deal guided by law firms Morrison & Foerster LLP and O'Melveny & Myers LLP.
Senetas ready to pull up stumps (InnovationsAus.com) Leading Australian encryption technology provider Senetas will move offshore unless a series of changes are made to the government’s highly controversial Assistance and Access laws, as the local tech community unites to fight for amendments.
AEC prepared for election cyber attack (SBS News) The Australian Electoral Commission is preparing to counter cyber attacks during the federal election, as Microsoft seeks global action to protect democracy.
Comey wrong to see obstruction in firing: Ken Starr (Fox News) Former Independent Counsel to President Clinton Ken Starr believes that former FBI director James Comey was wrong to say in an NBC interview that his firing was “potentially obstruction of justice.”
J-Code Arrests 61, Seizes $4.5 Million in Crypto from Dark Web Traffickers (Coinnounce) J-Code or the Joint Criminal Opioid and Darknet Enforcement team has arrested 61 people and seized around $4.5 million in cryptocurrency during the Operation SaboTor which targets the drug traffickers worldwide that operate on the dark web. The J-Code comprises of organizations such as the Federal Bureau of Investigation, Drug Enforcement Administration, Health and […]
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...
Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
SecureWorld Boston (Boston, Massachusetts, USA, March 27 - 28, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Symposium on Securing the IoT (San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare,...
Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...
Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills...