May 14, 2019.
By the CyberWire staff
Citizen Lab attributes (with "moderate confidence") a multi-year, multilingual influence operation to Iran, the Washington Post notes.
WhatsApp has patched a vulnerability that permitted remote installation of NSO Group's Pegasus intercept tool, the Financial Times reports. It's unknown how many phones were affected; the University of Toronto's Citizen Lab says that they're aware of one (probable) case. The vulnerability is said to have affected both Android and iOS devices. NSO Group said it would not have been involved in such activity, and that it's investigating.
BleepingComputer writes that Symantec, McAfee, and Trend Micro were among the security firms allegedly breached by the Fxmsp hackers. Trend Micro said data from a test lab had been accessed by unauthorized parties, but that no source code or customer information was compromised. Symantec denied being affected at all, and McAfee says it's investigating. BleepingComputer identified the companies from unredacted Fxmsp chat logs it received from Advanced Intelligence researchers. There's no word yet about a rumored fourth victim.
What's the cost of a breach? In the case of Equifax, Infosecurity Magazine reports that it's so far cost the company $1.4 billion.
Firms are concluding that many of the data lost in breaches needn't have been collected in the first place. A database of some 200 million individuals' information is circulating in what CSO calls "the grey market." While it doesn't include such tripwire data as Social Security, passport, driver's license, or credit card numbers, it contains forty-two fields of great interest but dubious direct-marketing value.
Today's issue includes events affecting Australia, Cambodia, Canada, China, Denmark, Egypt, Iran, Israel, Jordan, Democratic People's Republic of Korea, Russia, Saudi Arabia, Sweden, Tanzania, Thailand, United Kingdom, the United States, Uzbekistan, and Venezuela.
Bring your own context.
Some of the trends reported in this year's Verizon Data Breach Investigation Report are quite positive, like the way human resources departments are now savvier about social engineering, and the decline in the number of W2 scams. Other trends are less positive, like this one:
"There was another sharp increase this year on the number of records leaked through misconfiguration of cloud-based storage. So think about your favorite cloud-based platform as a service provider. They will have an option where you can just post files online. Some people are leaving them open for public consumption, right? And there's a lot - we had - we tracked over 60 million different records of multiple sources, multiple organizations that were leaked this way, just because someone failed to press the keep this private checkbox - could potentially have been easily avoided, right? There was no work on anybody's part. There was no hacking, no zero day, no nothing involved, just plain misconfiguration." Alex Pinto, head of security research at Verizon, and co-author of the twelfth annual Data Breach Investigation Report, on the CyberWire Daily Podcast, 5.10.19.
Check your services. They won't configure themselves, and no matter how good the defaults are, they need a look.
Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.
DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.
DreamPort Event: RPE-006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE-006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond (BleepingComputer) A report last week about Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated from alleged victims statements that are disputed by the firm that sounded the alarm.
New Details Emerge of Fxmsp's Hacking of Antivirus Companies (BleepingComputer) It is difficult to fathom that a threat actor may be able to breach the networks of a reputed security company. Yet, this is not only possible but also happened in the past; and it is not far-fetched to believe that it is the case with at least three antivirus makers, as reported by BleepingComputer earlier this week.
Boost Mobile says hackers broke into customer accounts (TechCrunch) Boost Mobile, a virtual mobile network owned by Sprint, has confirmed hackers have broken into an unknown number of customer accounts. The company quietly posted a notification of its data breach almost exactly two months after March 14, when Boost said the breach happened. “Boost.com experie…
200 million-record breach: Why collecting too much data raises risk (CSO Online) Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now circulating on the grey market.
The trust crisis in web standards (InnovationsAus.com) New research from CSIRO’s Data61 unit has found that even the most popular and trusted websites are using chains of third-party scripts and services hidden from end users that make these sites prone to malicious activity.
Incident Reporting System (US-CERT) As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
A look at Hworm / Houdini AKA njRAT (Security Boulevard) Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop-up in various new formats.
China: How Mass Surveillance Works in Xinjiang (Human Rights Watch) Chinese authorities are using a mobile app to carry out illegal mass surveillance and arbitrary detention of Muslims in China’s western Xinjiang region, Human Rights Watch said in a report released today.
Vulnerability Summary for the Week of May 6, 2019 | US-CERT (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Quarterly Website Security Report (Sitelock) The SiteLock 2019 Website Security Report analyzes more than 6 million websites to determine the most prevalent cyberthreats websites face today.
IoT Spotlight (Bugcrowd) We are on the verge of a major technological revolution: interconnectivity at scale, anytime and anywhere. IoT has paved the way for smart cities, improved productivity, the connected home, and ultimately more opportunities to connect with one another.
DDoS attacks among top 5G security concerns (SearchSecurity) 5G security concerns are top of mind for mobile operators now that the new generation of wireless technology is a reality. Specifically, they're worried about bigger and more destructive DDoS attacks.
Digging Deep into the Verizon DBIR (Decipher) The Verizon Data Breach Investigations Report isn’t just full of interesting data breach statistics; it also offers enterprise defenders valuable insights on the kind of real-world threats they should be worrying about.
Retailers Are Under Siege from Botnets (Technology Solutions That Drive Business) For retailers competing to provide a seamless — and safe — online experience for consumers, bots pose a big problem. Hackers attempted a staggering 10 billion attempts to access retail sites between May and December 2018, according to a recent report by Akamai Technologies.
Bill Carroll Joins Bishop Fox as Chief Operating Officer (Yahoo) Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that Bill Carroll has joined the firm as Chief Operating Officer (COO), where he will be responsible for the day-to-day operations of the company. As
Versasec Releases vSEC:CMS S5.5 (Versasec) vSEC:CMS S-Series 5.5 identity and access management software also adds support for Identiv uTrust MD and Gemalto PIV 3.0 smart cards, and options for Oberthur PIV 8.1 smart cards
CyberScale™ Compliance And Risk Management Solution (Criterion Systems) While the cybersecurity threat environment is well known as a key challenge for Federal Departments and Agencies (D&As), there are other, equally important issues that need to be addressed when they seek to improve their cybersecurity and privacy (CS&P) programs.
ShorePoint, Inc. Expands Advisory Services Offering (ShorePoint, Inc.) ShorePoint, Inc. is a privately held cyber security services firm, serving both private and public-sector customers. Our executive team is comprised of cybersecurity experts who collectively bring more than 80 years of experience keeping government agency and company networks strongly secured from cyber threats.
U.S. Govt Issues Microsoft Office 365 Security Best Practices (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) issued a set of best practices designed to help organizations to mitigate risks and vulnerabilities associated with migrating their email services to Microsoft Office 365.
The Need for Tiered Security at the Edge (SecurityWeek) Edge computing lets organizations analyze important data closer to the edge of the network in order to respond to events in near real-time – a requirement for many industries, including health care, telecommunications, manufacturing, and finance.
Weaponizing Cyber Law (Project Syndicate) In recent years, autocratic regimes have increasingly relied on legal and bureaucratic tools – from restrictions on foreign funding to draconian sedition laws – to impede civic activism. Now, they are adding cyber legislation to their arsenals of repression.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...
Transport Security Congress (Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.
TechNet Cyber (Baltimore, Maryland, USA, May 14 - 16, 2019) TechNet Cyber 2019, formerly the Defensive Cyber Operations Symposium, will be the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent...