What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
March 29, 2019.
Like the CyberWire? Share it with a friend or colleague.
If you find the CyberWire adds value to your day, why not share it with colleagues who might also benefit? Send them an invitation to subscribe. (After all, the price--free--is right.) And, as always, thanks for reading.
By the CyberWire staff
Sucuri has a proof-of-concept exploit for an SQL-injection vulnerability in the core of the widely-used Magento e-commerce platform. As Ars Technica points out, the vulnerability is so potentially lucrative that criminals can be expected to exploit it in the wild as soon as they have the means to do so. About three-hundred-thousand e-commerce sites use Magneto.
Trend Micro has found that Emotet is being used to distribute a ransomware loader.
Digital Shadows outlines a criminal typosquatting campaign targeting other criminals on the dark web.
Huawei, bellwether of China's tech sector, continues to receive a mixed reception abroad. The EU has finessed security concerns about the company's participation in 5G networks, Australia and the US are unrepentant in their wish to keep Huawei out, and the UK has harshly criticized the company's failure to remediate security issues. The Register characterizes Huawei's efforts to address known router vulnerabilities as "half-arsed" (it's an industry term). WIRED expresses the current mood about risks surrounding the company's products as a feeling that it's not the backdoors, but the bugs that matter.
Correctional authorities in Finland have an idea for training artificial intelligence: have prisoners answer questions and use their answers to make the AI smarter. The country's Criminal Sanctions Agency has contracted with AI firm Vainu to provide the inmates' labor to the project. It's seen as a win-win-win: the jailers keep their charges busily on the road to rehabilitation, the prisoners get learning and self-improvement, and the machines get smarter. Or at least street-smarter.
Today's issue includes events affecting Australia, Canada, China, Estonia, European Union, Finland, Iran, Republic of Korea, Latvia, Lithuania, NATO/OTAN, Russia, Ukraine, United Kingdom, United States.
The spelling of "Magento" has been corrected in the summary.
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th(Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit(Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Pydio 8 Multiple Vulnerabilities(SecureAuth) 1. Advisory Information. Title: Pydio 8 Multiple VulnerabilitiesAdvisory ID: SAUTH-2019-0002Advisory URL: https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities Date published: 2019-03-28Date of last update: 2019-03-28Vendors contacted: PydioRelease mode: Coordinated release
Rockwell Automation PowerFlex 525 AC Drives(ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.5ATTENTION: Exploitable remotely/low skill level to exploitVendor: Rockwell AutomationEquipment: PowerFlex 525 AC DrivesVulnerability: Resource Exhaustion2. RISK EVALUATIONSuccessful exploitation of this vulnerability could result in resource exhaustion, denial of service, and/or memory corruption.
Dark web typosquatting: Scammers v. Tor(Digital Shadows) One day while using our Shadow Search investigation tool, I stumbled upon a network of typosquat domains. We see squats all the time, but what caught my eye was that these weren't for legitimate businesses, they were for criminal dark web sites, specifically on the Tor network.
SQL Injection in Magento Core(Sucuri Blog) We disclose an SQL Injection vulnerability in Magento core which can be exploited without any form of privilege or authentication.
You Need To Know How Cybersecurity Affects Mergers and Acquisitions(Security Boulevard) Time to Learn More Anytime you plan to get involved with something, whether it be a person, place, or thing, you need information —sometimes a lot of information. In the world of M&A, this process involves taking reasonable steps to learn as much as possible about another company’s strengths and assets, as well as their weaknesses and liabilities. For a time, those liabilities often came in the form of financial debt, messy legal obligations, or poor revenue — but these days, this accountability analysis also includes all data related to a company’s cybersecurity posture.
Success of Thales Offer for Gemalto Shares(AP NEWS) Reference is made to the joint press release by Thales (Euronext Paris: HO) and Gemalto (Euronext Amsterdam and Paris: GTO) dated 27 March 2018 in relation to the launch of the recommended all-cash offer by Thales for all the issued and outstanding shares of Gemalto (the Offer ), the publication of the Offer Document, and the joint press release of Thales and Gemalto dated 14 March 2019 in relation to the Acceptance Closing Time.
PayPal laying off nearly 400 Hunt Valley employees(Maryland Daily Record) PayPal is firing nearly 400 employees at its Hunt Valley offices, according to filings the company has made with the state. PayPal in a statement said it was terminating the jobs as part of a previous agreement with Synchrony, which will now handle servicing and collections for the company.
SailPoint Announces Tracey Newell Has Joined Its Board of Directors(AP NEWS) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity governance, today announced the appointment of Tracey Newell to its Board of Directors and as a member of the Compensation Committee and the Nominating and Corporate Governance Committee, effective March 27, 2019.
Task Force Update: From First to Second…(Ukrainian Election Task Force) In the homestretch of Ukraine’s presidential race, we should know in just a few days which two candidates will face off in the second round on April 21. That assumes, of course, that no candidate gets a majority of the vote in the first round on March 31, that there will be no problems in the vote tabulation, that the candidates who fail to advance to the second round accept the results of the first, and that there will be no hacking of the Central Election Commission, as happened in 2014, and so on.
Facebook’s handling of Alex Jones is a microcosm of its content policy problem(TechCrunch) A revealing cluster of emails reviewed by Business Insider and Channel 4 News offers a glimpse at the fairly chaotic process of how Facebook decides what content crosses the line. In this instance, a group of executives at Facebook went hands-on in determining if an Instagram post by the conspiracy…
Google pulls controversial anti-gay religious app from the Play Store(TechCrunch) The same day the Human Rights Campaign downranked the company in its index of the best LGBTQ-friendly employers, Google decided to yank a controversial app accused of promoting conversion therapy from the Play Store. On that list, known as the Corporate Equality Index, the HRC, a prominent LGBTQ ri…
NATO at 70: Lessons From The Cold War(Atlantic Council) On April 4, NATO will mark the 70 th anniversary of the signing of the Washington Treaty, which laid the foundation for arguably the most successful alliance the world has ever seen. Yet despite all of its successes, many forget that NATO never had...
Pompeo wants NATO to take ‘actions’ to help Ukraine(Stars and Stripes) The U.S. and its allies in Europe could agree at an upcoming NATO meeting to provide more support to Ukraine in its efforts to resist Russian aggression in the region, America’s top diplomat said Wednesday.
Feds Seek To Up Their Cybersecurity Game(Forbes) The U.S. government doesn't have.a great track record when it comes to cybersecurity. But several pending initiatives are aimed at improving it, for both the public and private sector.
New Bill to Protect U.S. Senate Personal Devices, Accounts from Hackers(BleepingComputer) U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law.
MI5 and the Met sharpen fight on terror(Times) Britain is one of the safest and most prosperous countries in the world. Nonetheless, the complex challenges we and other countries face from terrorism and malign acts by foreign states are all too...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Infiltrate 2019(Miami Beach, Florida, USA, May 2 - 3, 2019) INFILTRATE is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere. Learn computer and network...
Symposium on Securing the IoT(San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare,...
Women in CyberSecurity (WiCyS) Conference(Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...
Mid-Atlantic Collegiate Cyber Defense Competition(Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills...
Suits and Spooks AI Summit(Washington, DC, USA, March 29, 2019) The Suits and Spooks AI Summit will examine how Artificial Intelligence is changing the tactics of offense and defense conducted by companies and nation states in networks as well as on the battlefield.
InfoSec World 2019(Lake Buena Vista, Florida, USA, April 1 - 3, 2019) Cybersecurity has come a long way in 25 years, and InfoSec World has been there through it all. That's right, InfoSec World 2019 Conference & Expo is returning to Disney's Contemporary Resort on April...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.