May 13, 2019.
By the CyberWire staff
A known SharePoint vulnerability is being actively exploited in the wild. AT&T Alien Labs is tracking incidents involving CVE-2019-0604, a vulnerability Microsoft addressed in late winter. The Canadian Centre for Cyber Security warned last month of "China Chopper" malware hitting unpatched servers. Saudi Arabia's National Center for Cyber Security has also observed remote code execution exploitation of the vulnerability.
SC Magazine says that the (probably) Moscow-based gang Fxmsp may have stolen code from a fourth security company. None of the companies allegedly affected have been publicly named, but researchers at Advanced Intelligence have "high confidence" that Fxmsp has the code it says it does.
Thomson Reuters reports that the G7 are preparing a major exercise next month that will simulate a cross-border cyberattack against financial services and associated infrastructure.
Amnesty International will tomorrow petition the District Court of Tel Aviv to direct that Israel's Ministry of Defence revoke NSO Group's export license. NSO's lawful-intercept tool Pegasus is alleged to have been improperly used in surveillance by the governments of Mexico, Saudi Arabia, and the United Arab Emirates. The New York University School of Law's Bernstein Institute for Human Rights and Global Justice Clinic is supporting the suit.
Facebook is suing South Korean analytics firm Rankwave for allegedly abusing its developer platform's data, reports TechCrunch.
Following incidents in which Chinese government money found its way to startups, the US Defense Department is moving forward with its Trusted Capital Marketplace program, intended to connect entrepreneurs with investors who don't represent a security threat.
Today's issue includes events affecting Argentina, Brazil, Canada, China, European Union, France, Germany, India, Ireland, Italy, Japan, Mexico, Montenegro, Panama, Russia, Saudi Arabia, South Africa, Sweden, United Arab Emirates, United Kingdom, United States.
Bring your own context.
When a business is shopping for cyber insurance, what features should it look for?
"Find a cyber insurance offering that offers a breach coach. Now, a breach coach is typically your outside counsel. So it is an outside legal firm, outside of your own general counsel, that you are protected through client-attorney privilege. And this breach coach will actually step you through and guide you through the whole incident or breach. And they will help you - they will place you with an incident response firm that's ready to go....
"And it's all covered under your policy. So instead of you having to fork out the hundreds of thousands of dollars - or in some case, hopefully not - millions of dollars to these services individually, you go with one provider, one breach coach. They bring in all of the ancillary services, and it's covered - all covered under the insurance premium." Justin Harvey of Accenture, reviewing cyber insurance on our 5.9.19 Daily Podcast.
The interests of insurer and insured are aligned, post-incident: both want to limit their losses.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland, as Jonathan Katz talks about differential privacy, a technique for providing privacy for individuals taking part in studies.
Uniting Women in Cyber(Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.
DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness(Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.
DreamPort Event: RPE- 006: The Defense at Pemberton Mill(Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Month Long Attack on Microsoft SharePoint Servers (KoDDoS Blog) This comes from advisories from both the Canadian and Saudi Arabian cybersecurity agencies. The flaw the hackers are trying to exploit has been patched by Microsoft security updates in February, March, and April of this year and is known as CVE-2019-0604 in the Microsoft Security Update Guide.
[Heads-Up] If This Is True It's A Disaster. Three Major US Antivirus Companies Breached?(KnowBe4) Ars Technica is getting me worried here. We were all at KB4-CON in Orlando the last few days, and during the conference word got to me that security researchers found out that high-profile hackers have breached three US AV companies and are selling the source code. The most annoying thing is that they have alerted the authorities, but no one has mentioned the actual vendors as of yet.
Two years after WannaCry, a million computers remain at risk(TechCrunch) Two years ago today, a powerful ransomware began spreading across the world. WannaCry spread like wildfire, encrypting hundreds of thousands of computers in over 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands crypt…
Crippling ransomware attacks targeting US cities on the rise(WFTS) Targeted ransomware attacks on local US government entities — cities, police stations and schools — are on the rise, costing localities millions as some pay off the perpetrators in an effort to untangle themselves and restore vital systems.
Google Wants to Change How Cookies Are Used(Decipher) Google I/O is a good place to announce a whole lot of new privacy features “coming soon.” It is also a good place to bury plans to change how Google will handle HTTP cookies in Chrome.
The Surprising Role Of Social Deviance In Viral News(Fast Company) A new study I completed at the Columbia University J-school says there is a strong relationship between the “social deviance” of the event or topic in a headline and the number of retweets it gets on Twitter.
One third Indian firms face serious cyber attack risk : Study(The Indian Wire) While 69 per cent Indian and 63 per cent Australian companies are most at risk of cyber attack, 35 per cent of organisations in the region suffered at least one cyber security incident in the last 12 months, says a sector study. According to a recent study by leading IT analyst firm …
Curv Crypto Wallet Gets $50 Million Worth of Insurance Coverage | BTC Wires(BTC Wires) Curv, a crypto securities company, has recently tied up with Munich Re, an insurance company to get coverage worth $50 million for its customers. A press release published by Curv on the 10th of May, 2019 announced this new development. The new insurance coverage is meant to account for all…
Proofpoint Joins the National Cyber Security Alliance Board of Directors(Yahoo) Proofpoint, Inc., (PFPT), a leading cybersecurity and compliance company, today announced its National Cyber Security Alliance (NCSA) Board of Directors membership, demonstrating a continued commitment to safeguard organizations worldwide from sophisticated people-centric cyberattacks and prioritize
NI hails cyber jobs(Professional Security) NI hails cyber jobs Security Summit Belfast BBC Radio 4 In Business programme critical infrastructure
How to prepare for a cybersecurity interview(Acumin) Just because there is a significant lack of cybersecurity professionals in the workplace currently, doesn’t mean you will automatically be offered every cybersecurity job you apply for, despite having the requisite hard skill set.
Symantec Needs Security at the Top (Wall Street Journal) The software maker announced new leadership in conjunction with a disappointing fourth-quarter earnings report. Following the news, Symantec’s market value fell 15%, erasing the stock’s gains for the year.
Former NGA director joins a pair of advisory boards(C4ISRNET) Although former National Geospatial-Intelligence Agency Director Robert Cardillo left the agency in February, his decision to join two organizations in the broader intelligence community signal his intention to stay involved in the national security community.
News: SIRP Partners with ZServices(SIRP) SIRP announces major partnership with Z Services, a leading cybersecurity SaaS provider in the MENA region, to deliver Security Orchestration, Automation and Response solution across the Middle East and North Africa (MENA)
Securing The Space Cloud: It’s Really Hard(Breaking Defense) "Security in space is different than security on Earth," says Jeb Linton of IBM Watson. "If you lose command and control for even five minutes, your satellite could be completely shut down."
Why Network Complexity Kills Security(Security Boulevard) The increasing complexity of networks is a growing concern for most enterprises. Networks have been built with a number of diverse network technologies, often starting with switches, routers, servers, and firewalls, all likely procured from different vendors at different times.
Closing the Security Gaps in Cloud Infrastructure Management(Redmondmag) A recent IDG survey unveiled a clear message on IT and security leaders’ challenges and strategies for managing server access: Cloud is changing where and how IT infrastructure is accessed and the traditional security methods aren’t keeping pace.
Preparing For A Cyberattack—In Four Steps(OPEN MINDS) Cyberattacks—an attempt by hackers to damage, destroy, or hold hostage a computer network, system, or data—have come to health and human service organizations.
The Empty Promise of Data Moats(Andreessen Horowitz) Data has long been lauded as a competitive moat for companies, and that narrative’s been further hyped with the recent wave of AI startups. Network effects have been similarly promoted as a defensi…
A Hacking Methodology Explainer(Secjuice Infosec Writers Guild) In this explainer I will attempt to explain hacking methodology in simple terms, because it can often be difficult for infosec outsiders to understand even the most commonly used terms.
Cryptanalysis of He’s quantum private comparison protocol and a new protocol (International Journal of Quantum Information) Recently, He proposed a novel quantum private comparison protocol without a third party (G. P. He, Int. J. Quantum Inf. 15(2) (2016) 1750014). This paper points out that two security loopholes in He’s protocol are existent. And a new QPC protocol which can avoid these loopholes is proposed without the help of a third party in this paper.
Spies will target new 5G network, cabinet told(Times) The government has been warned the new broadband and 5G network technologies about to be introduced across Ireland will be targeted by foreign intelligence services and could pose a significant...
US anxiety over Huawei a sequel of the Yellow Peril(South China Morning Post) In the years leading up to the end of the cold war, opinion polls revealed more Americans feared the ascendant economy of Japan – their ally – than the Soviet Union. The same is happening now to Huawei as its products become superior.
Friend portability is the must-have Facebook regulation(TechCrunch) Choice for consumers compels fair treatment by corporations. When people can easily move to a competitor, it creates a natural market dynamic coercing a business to act right. When we can’t, other regulations just leave us trapped with a pig in a fresh coat of lipstick. That’s why as th…
Zuckerberg says breaking up Facebook “isn’t going to help”(TechCrunch) With the look of someone betrayed, Facebook’s CEO has fired back at co-founder Chris Hughes and his brutal NYT op-ed calling for regulators to split up Facebook, Instagram, and WhatsApp. “When I read what he wrote, my main reaction was that what he’s proposing that we do isn’…
NGA’s new deputy director is a familiar face(C4ISRNET) A leader that's no stranger to the National Geospatial-Intelligence Agency has been named to replace current Deputy Director Justin Poole, who announced in April that he would resign June 11.
Facebook sues analytics firm Rankwave over data misuse(TechCrunch) Facebook might have another Cambridge Analytica on its hands. In a late Friday news dump, Facebook revealed that today it filed a lawsuit alleging South Korean analytics firm Rankwave abused its developer platform’s data, and has refused to cooperate with a mandatory compliance audit and requ…
Nine Charged in Alleged SIM Swapping Ring(KrebsOnSecurity) Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Insider Threat Symposium & Expo (Laurel, Maryland, USA, September 10, 2019) The National Insider Threat Special Interest Group's event is for anyone involved in Insider Threat Program (ITP) Management / Insider Threat Mitigation. Speakers will come from the White House, Missile...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NIST IT Security Day(Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...
Transport Security Congress(Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.
TechNet Cyber(Baltimore, Maryland, USA, May 14 - 16, 2019) TechNet Cyber 2019, formerly the Defensive Cyber Operations Symposium, will be the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent...