Many of the innovative young companies at the Summit have roots in the intelligence world. We'll close with some observations the DataTribe portfolio companies offered in a session on "Transitioning 'Practice' to 'Product'." In some respects that transition is similar to the one any company must make when it emerges from a research organization into the market. All the companies on stage, ReFirm Labs, ENVEIL, Prevailion, and Attila Security, agreed that startups coming from that world sometimes have difficulty recognizing the importance of delivering a solution that scales. Most of them (with ENVEIL dissenting) thought that entrepreneurs with a background in the Intelligence Community can fail to realize that there are limits on available funds.
People who come from the Intelligence Community, the panel agreed, tend to bring with them a strong sense of mission. They need to shift their understanding of return-on-investment. In the IC, ROI tends to be understood in terms of mission capability. In business, ROI is of course understood in terms of profit. That's a shift the panelists thought IC veterans were able to make without undue difficulty.
By the CyberWire staff
US-CERT issues a warning concerning a new malware tool, ElectricFish, now being deployed actively by North Korean cyber operators.
Advanced Intelligence says that three anti-virus vendors have been breached by the well-known criminal group Fxmsp. The gang, which is notable for having both English-speaking and Russian-speaking operators, stole source code for anti-virus agents, analytic code, and web browser security plug-ins.
In a long New York Times op-ed, Facebook's co-founder, Chris Hughes, calls for the company to be broken up. It's a monopoly, Hughes argues. He also makes a case for public regulation of online content: he'd rather public servants police speech than private companies. Some such regulation seems increasingly likely, at least internationally. The Wall Street Journal reports that France's government intends to introduce legislation that would impose a duty of care on social media to regulate content that appears on their platforms. Reuters notes that President Macron is seeking a third regulatory way, a via media between a too restrictive China and a too permissive America.
The US Justice Department has unsealed an indictment that charges two Chinese nationals (Fujie Wang and "John Doe") with hacking healthcare insurer Anthem in 2015, and with hacking three other unnamed companies in separate incidents. Those companies were in the technology, basic materials, and communications sectors. Wang and Doe are regarded as members of a sophisticated cyber espionage unit.
A former US intelligence analyst, Daniel Everette Hale, has been arrested and faces charges related to alleged leaking of highly material to a reporter.
Today's issue includes events affecting Canada, China, France, Russia, Ukraine, United Kingdom, United States, and Vietnam.
Bring your own context.
Emojis are a form of online jargon grown even more pervasive than leetspeak. You may not remember what AFK or ROFL mean, but who doesn't get the smiley? But emojis themselves have developed a syntax to go with their easy semantics. And where does that get you? Into court, that's where, IOHO.
"The case referenced comes from California. And a person under investigation of soliciting - or basically being a pimp, hiring prostitutes and the subject of a prostitution sting had texted somebody using a crown emoji, high heels and a dollar sign. And that accompanied the message, 'Teamwork makes the dream work.' Prosecutors claim that the message implied a working relationship between a potential prostitute and this individual. The individual's defense was that he was simply trying to strike up a romantic relationship." Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 5.8.19.
Sure, pal: tell it to Carlos Danger. But wait, what's that, Counselor? There's more?
"But the fact that these emojis were used in the prosecution, I think, is both extraordinary and also becoming more common. You know, in terms of the reliability of emoji use, when we're talking about a criminal case, it seems rather unreliable. I don't know about you, but in my casual conversations, I will frequently use the wrong emoji." Mr. Yelin, still on that podcast.
You said it, kiddo. We'll just use the glitch-crab emoji, sans crown, high heels, and dollar sign, and let it go at that.
And some of our correspondents have been down in Florida this week for KB4-Con. Stand by for notes in our social media channels (Twitter, Instagram, or Facebook), and for special editions of Hacking Humans.
Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.
DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.
DreamPort Event: RPE-006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE-006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.
Risk management: responsibilities and perspectives (The CyberWire) One of the challenges boards face in managing risk is that they're required to make decisions in matters on which they themselves lack deep expertise, which renders education, drill, and well-presented and relevant metrics all the more important.
Task Force Update: Russian Interference Continues Post-Election (Ukraine Elects) Just days following the April 21 second round of the pivotal presidential election in Ukraine, Russian President Vladimir Putin offered expedited passports and citizenship to Ukrainians in the Russian-occupied territories of Donetsk and Luhansk. He subsequently extended the offer to Ukrainians who m
North Korean Hackers Use ELECTRICFISH Malware to Steal Data (BleepingComputer) The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims.
MAR-10135536-21 – North Korean Tunneling Tool: ELECTRICFISH (US-CERT) This Malware Analysis Report (MAR) is the result of analytic efforts between DHS and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified a malware variant used by the North Korean government. This malware has been identified as ELECTRICFISH. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
HIDDEN COBRA - North Korean Malicious Cyber Activity (CISA) The information contained on this page is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. The intent of sharing this information is to enable network defenders to identify and reduce
A Pony Hidden in Your Secret Garden (Security Boulevard) Pony is the most widespread type of malware, representing around 39% of the active credential theft malware around the world according to BlueLiv’s report on Credential Theft Malware. Since its first appearance in...
Ongoing Credit Card Data Leak (360 Netlab Blog) Our DNSMon flagged an abnormal domain name magento-analytics[.]com, been used to inject malicious JS script to various online shopping sites to steal the credit card owner/card number/expiration time/ CVV information.
24% of health IT experts would refuse to pay ransom (Beckers Hospital Review) As healthcare information technology professionals become more confident in their ability to respond to a cyberattack, 24 percent remain steadfast in the decision to not pay a ransom, according to an Infoblox survey.
Whose (usage) data is it, anyway? (Help Net Security) Around the world, business customers now demand business-to-business (B2B) SaaS companies safeguard their usage data. More importantly, they want to know
Evident Raises $20 Million for Secure, AI-Powered Identity Verification (Yahoo) The financing will enable Evident to broaden its existing, robust technical infrastructure including deepening its investment in AI and machine learning, computer vision, and facial recognition technologies. Evident will also expand its team to meet the explosive demand for identity verification
Symantec CEO resignation sends stock down sharply (Silicon Valley Business Journal) In the three years since Greg Clark took the helm, Symantec stock has only risen by about 8 percent. The S&P 500 index is up by about 32 percent in that same time.
Venezuela: Fears for Juan Guaidó as deputy seized (Times) The Venezuelan regime has begun a purge of suspected defectors and opposition politicians after last week’s failed uprising against President Maduro. Intelligence agents used a tow truck to drag...
We must learn what to do if the lights go out (Times) Late last month, as troops at Fort Bragg, the United States’ largest military base, were conducting a deployment exercise, the power went out. For hours, the 50,000-odd soldiers and officers at the...
Inside China's Massive Surveillance Operation (WIRED) In Xinjiang, northwest China, the government is cracking down on the minority Muslim Uyghur population, keeping them under constant surveillance and throwing more than a million people into concentration camps. But in Istanbul, 3,000 miles away, a community of women who have escaped a life of repression are fighting a digital resistance.
Cyberspace Solarium Commission Gets to Work (MeriTalk) Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., announced the formal launch of the Cyberspace Solarium Commission (CSC) on May 8. The two lawmakers will lead the 14-person Commission.
When countries use ‘security’ to restrict trade (The Financial Express) Although the WTO has expressed its right to adjudicate security exceptions invoked by members under Article XXI of GATT, it remains to be seen whether WTO members, particularly major powers, accept this point of view.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Security in our Connected World Seminar (Shenzhen, China, September 25, 2019) This year, GlobalPlatform’s seminar will examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), and delve into their associated business and technical...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Secutech 2019 (Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from...
Cyber Security Transatlantic Policy Forum (Killarney, Ireland, May 10, 2019) The mission of the conference is to bring politicians, law enforcement, policy makers and cyber industry leaders together to create an annual dialogue. Our goal is to ensure that we expand and improve...
NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...