May 17, 2019.
By the CyberWire staff
The US Navy may have put trackers in emails destined for defense counsel and news media covering a military trial involving leaks, Military Times reports.
The US Commerce Department immediately banned Huawei and seventy of the company's partners. The measure will also affect US exports. Broadcom, Qualcomm, Intel and Oracle, among others, will henceforth find it difficult to sell to Huawei, the Wall Street Journal points out.
China's government has called the Executive Order and its attendant enforcement actions a "wrong course," and promises to "resolutely defend" Chinese companies from Washington's depredations, the AP reports. Beijing sees the affair as a move in a trade war.
US allies may be nudged by both prudential policy and the Wassenaar Arrangement to follow suit, the Times says. They're aware that doing business with Huawei is not only unpopular with the US Government but can also be risky in its own right. As Forbes and others report, the Netherlands' intelligence service is investigating what appear to be Huawei-insinuated backdoors in Dutch telecommunications networks.
Today's issue includes events affecting Canada, China, France, Iran, Israel, Netherlands, Norway, Russia, Singapore, Sri Lanka, United Kingdom, United States.
Bring your own context.
Like the rest of us, criminals sometimes choose style over substance. The OceanLotus threat group, for example, is clever and well-resourced, but even they sometimes go for cachet instead of cash. In one instance, they used a small image of Kaito Kuroba, popular manga gentleman thief, for their steganographic caper.
"Absolutely, yeah, the Kaito Kid. Definitely give them some style points for that one. I mean, if it had been Naruto or Pokemon, it might have been a bit more easily identifiable. I certainly hadn't heard of that particular series, but we had a few on our APAC team who had. But no, in a way, that wasn't the perfect image for them, because it was too small to hold the entire payload embedded in individual pixels."
—Tom Bonner, director of threat research at Blackberry Cylance, on last weekend's Research Saturday.
So however big an impression the clothes would make on prom night, maybe the white top hat and tails aren't the best look for steganography. (Even if you accessorize with a purple scarf.)
And don't forget that Research Saturday will be up tomorrow. In this week's episode, "Elfin APT group targets Middle East energy sector," we hear from researchers at Symantec who've been tracking an espionage group known as Elfin that has targeted dozens of organizations over the past three years, primarily focusing on Saudi Arabia and the United States. Alan Neville is a principal threat intelligence analyst at Symantec, and he joins us to share their findings.
DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.
DreamPort Event: RPE-006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting RPE-006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks, both in live (with network taps) and offline (PCAP) mode. This event is June 21.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Attacks, Threats, and Vulnerabilities
Tenable Research Discovered a Download Hijack Vulnerability in Slack (Tenable®) Slack issues update, but bad actors could have leveraged the flaw for corporate espionage or file manipulation. Tenable®, Inc., the Cyber Exposure company, today announced that its research team discovered a vulnerability in the Slack Desktop Application for Windows that could have allowed an attacker to alter where a victim’s files are stored when the documents are downloaded within Slack.
Intel MDS attack mitigation: An overview (Help Net Security) To remove or mitigate the danger MDS attacks present to users, the affected systems should get a microcode (firmware) update and a software update.
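Since the MDS fix needs both a microcode update and a kernel update, a practitioner's first question is whether a given Linux host actually reports the mitigation as active. The following is an added example, not code from the CyberWire or the Help Net Security article: it classifies the status string that MDS-patched Linux kernels expose under /sys/devices/system/cpu/vulnerabilities/mds (the sample strings used in the comments are constructed from that file's documented formats; the function names are this example's own).

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status string.
# Kernels carrying the MDS patches publish it at the sysfs path below;
# on older kernels the file is absent, which this script reports as "unknown".

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds_status STATUS_STRING
# Prints one word describing the host's position:
#   not-affected  - CPU is not affected by MDS
#   mitigated     - kernel clears CPU buffers and SMT is disabled or mitigated
#   partial       - kernel clears CPU buffers but SMT still exposes the host
#                   (or, in a guest, the SMT host state is unknown)
#   no-microcode  - kernel tries to clear buffers but the CPU lacks the microcode
#   vulnerable    - no mitigation in place
#   unknown       - string not recognised (constructed sample: empty string)
classify_mds_status() {
    case "$1" in
        "Not affected")
            echo not-affected ;;
        "Mitigation: Clear CPU buffers; SMT disabled"|"Mitigation: Clear CPU buffers; SMT mitigated")
            echo mitigated ;;
        "Mitigation: Clear CPU buffers"*)
            echo partial ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo no-microcode ;;
        Vulnerable*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# read_mds_status: read the live sysfs entry on this host, or a marker if it is missing
read_mds_status() {
    if [ -r "$MDS_SYSFS" ]; then
        cat "$MDS_SYSFS"
    else
        echo "mds sysfs entry missing"
    fi
}

# Print the classification for the host this script runs on.
echo "MDS status: $(classify_mds_status "$(read_mds_status)")"
```

Both "partial" and "no-microcode" mean the software update alone did not finish the job: the first calls for a decision about SMT, the second for the firmware (microcode) update the article describes.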
Bots Tampering with TLS to Avoid Detection (Akamai) Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique, which we call Cipher Stunting, has become a growing threat, with its roots tracing back to early 2018. By using advanced methods, attackers are...
Schneider Electric Modicon Controllers (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 5.4. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum. Vulnerability: Use of Insufficiently Random Values. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or cause information
Fuji Electric Alpha7 PC Loader (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 3.3. ATTENTION: Low skill level to exploit. Vendor: Fuji Electric. Equipment: Alpha7 PC Loader. Vulnerability: Out-of-bounds Read. 2. RISK EVALUATION. Successful exploitation of this vulnerability could crash the device. 3. TECHNICAL DETAILS. 3.1 AFFECTED PRODUCTS. The following versions of Alpha7 PC Loader, a motor controller, are affected:
UK consumers want businesses to do more to protect their data (BetaNews) Protecting your digital footprint is growing more important, and the results from a survey of 2,000 UK adults by Kaspersky Lab find that people believe there is not enough business or state protection currently in place to defend it.
New Product Bundle from Ping Identity Accelerates Cloud MFA and SSO Adoption for Enterprises (AP NEWS) Ping Identity, the leader in Identity Defined Security, today announced a cloud-based multi-factor authentication (MFA) and single sign-on (SSO) bundle, delivering security from identity-based attacks. Available today for a free 30-day trial, customers can protect applications, data and employees from pervasive security threats centered around phishing attacks, stolen credentials, and more.
Trump tries to tamp down talk of war with Iran (Military Times) President Donald Trump said Thursday that he hopes the U.S. is not on a path to war with Iran amid fears that his two most hawkish advisers could be angling for such a conflict with the Islamic Republic.
Hunt backs Washington over Iran threat (Times) Jeremy Hunt declared yesterday that Britain and the US share “the same assessment of the heightened threat posed by Iran” following a public rift over the issue. The foreign secretary said London...
On Iran, Justified US Fury Without an Endgame (Atlantic Council) We’ve been here before. The Trump administration, like every US administration since Jimmy Carter was president, is dealing with a hostile Iran bent on undermining US and regional security interests across the Middle East and beyond. We had a brief...
Dial 911: Trump’s Telecommunications National Emergency (Atlantic Council) US President Donald J. Trump on May 15 declared a “national emergency” that gives his administration the power to prevent US companies from doing business with foreign suppliers, including, potentially, Chinese telecommunications giant Huawei. The...
China criticizes US action against Huawei (AP NEWS) China vowed Thursday to "resolutely safeguard" Chinese companies after Washington labeled telecom equipment giant Huawei a security risk and imposed export curbs on U.S. technology...
Cyber Experts Call for More Collaboration, Training (Air Force Magazine) A new provision of the 2019 NDAA clears the way for fully fledged joint operations in cyberspace involving both military personnel and those from civilian agencies like the Department of Homeland Security, officials said Thursday.
Feds Target $100M ‘GozNym’ Cybercrime Network (KrebsOnSecurity) Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.
GozNym Cybercrime Group Behind $100 Million Damages Dismantled (BleepingComputer) Ten members of the GozNym cybercriminal group which used the Avalanche malware distribution network to launch malware attacks against businesses and financial institutions were indicted today for computer fraud conspiracy, wire and bank fraud conspiracy, and money laundering.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NAWC Cybersecurity Symposium (Washington, DC, USA, May 21, 2019) The National Association of Water Companies (NAWC) will hold its inaugural 2019 NAWC Cybersecurity Symposium on Tuesday, May 21, 2019 at the Army-Navy Club in Washington, D.C. The day-long event will bring...
Kansas City CyberSecurity Conference (Kansas City, Missouri, USA, May 22, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Kansas City will be delivered by John Dickson, Principal, Denim Group Ltd,...
2019 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 22 - 23, 2019) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions...
SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...