May 20, 2019.
By the CyberWire staff
Huawei is now on the US Entity List, which means that US companies will need a special license from the Bureau of Industry and Security to do business with Shenzhen. TechCrunch says several US chip companies, Qualcomm and Intel among them, have stopped deliveries of chips to Huawei. Huawei anticipated this rainy day, and the South China Morning Post says the company has stockpiled a year's worth of US goods necessary to sustain production. Equally or more serious consequences are expected from Google's weekend suspension of Huawei's Android license (reported by the Verge). Huawei immediately loses access to Android updates, and new versions of its devices will no longer have access to Gmail or the Play Store.
Facebook has shut down accounts allegedly run by Israeli political marketing firm Archimedes Group for coordinated inauthenticity. The targets were in various African nations.
A script error in Salesforce's Pardot service affected customers beginning Friday. Service, CRN writes, is under restoration.
OGUsers, a popular forum that, despite its anodyne self-description, traded digital contraband, was hacked by other criminals, Vice reports.
Scare headlines in CSO and elsewhere suggest that the US Selective Service system (that is, the draft, gone since 1973, when Ichiro Suzuki was in diapers) might someday return. One presumed goal of a revived draft would be to enable the US military to conscript hackers, but hackers, we wouldn't sweat this one. The Orioles are likelier to contend for a pennant this year than you are to receive greetings from the President.
Today's issue includes events affecting Angola, Belgium, Canada, China, Denmark, Estonia, European Union, Finland, Greece, India, Iran, Israel, Kuwait, Niger, Nigeria, Poland, Portugal, Russia, Senegal, South Africa, Sri Lanka, Sweden, Togo, Tunisia, Ukraine, United Kingdom, United States.
Bring your own context.
So, same target set, same tools, same threat group, right? Not so fast.
"This is kind of a commonality that we've seen across a number of these advanced persistent threat groups. More and more of them are kind of switching over to using these freely available tools, which, one, makes it somewhat a little bit more difficult to track, in terms of if they were using something custom, it's - when you see tool pop up somewhere, you could reliably kind of attribute to that group, or it's probably that group that have been active. Now, by switching over to these kind of more common tools, these freely available tools, it makes it a little bit more difficult to kind of separate its activities and attribute it back to that group for tracking purposes."
—Alan Neville, principal threat intelligence analyst at Symantec, discussing the Elfin threat group, on the CyberWire's Research Saturday, 5.18.19.
Threat actors buy, borrow, swap, and steal from each other. And many of their tools have effectively become commodities.
ON THE PODCAST
In today's podcast, out later this week, we speak with our partners at the University of Maryland, as Jonathan Katz discusses a role for encryption in better security at border crossings. The CyberWire's Tamika Smith reports on the Baltimore City government ransomware situation.
National Cyber Summit Job Fair, June 5, Huntsville. (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Cyber Attacks, Threats, and Vulnerabilities
Facebook’s latest account purge exposes Africa’s misinformation problem (TechCrunch) Facebook last week purged a network of hundreds of pages, groups and Instagram accounts it labeled as producing “coordinated inauthentic behavior” toward Africa. The activity originated in Israel and was largely targeted toward Nigeria, Senegal, Togo, Angola, Niger, and Tunisia. It was mostly polit…
Account Hijacking Forum OGusers Hacked (KrebsOnSecurity) Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.
Trickbot Watch: Arrival via Redirection URL in Spam (TrendLabs Security Intelligence Blog) We discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. The redirection URL is a way to sidestep spam filters that may block Trickbot at the onset.
Many people still remain vulnerable to WhatsApp hack: Here's why (Yahoo) Recently, a major security vulnerability in WhatsApp was revealed that allowed hackers to inject and spread Israeli spyware through voice calls. The company drew flak after the revelation but said the issue has been fixed with the latest update of the app. However, as it turns out, a large number of
When Older Windows Systems Won't Die (Dark Reading) Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
The Future of Wi-Fi Security: Assessing Vulnerabilities in WPA3 (HackRead) A new study by researchers Mathy Vanhoef and Eyal Ronen revealed five vulnerabilities – collectively named ‘Dragonblood’ – in the WPA3 Wi-Fi standard. Four of the five are considered a severe threat to online security. What does this teach us about trust in our networks?
Ransomware Attack Against Baltimore: Tweet from Hacker or Malicious Prankster? (Armor) Post Appears to Taunt City Officials. Eric Sifford, security researcher with Armor’s Threat Resistance Unit (TRU) found that on Sunday, May 12, 2019 a newly created Twitter account posted usernames, passwords and other sensitive-looking, internal documents which appear to be related to the city of Baltimore. Armor chose not to reveal the Twitter handle at …
Andheri firm loses Rs 15L to cyber attack (Hindustan Times) According to the Oshiwara police, the complainant company landed a big project from a private company to make video advertisements. They then contacted a Romanian company to outsource some of the work.
Cybersecurity's Week From Hell (BankInfo Security) Multiple flaws - all serious, exploitable and some already being actively exploited - came to light this week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?
Security Patches, Mitigations, and Software Updates
Trump's move to ban Huawei a wake-up call for IT execs (SearchCIO) The Trump administration declared ongoing foreign threats to the ICT critical infrastructure supply chain a "national emergency" on Wednesday, laying the groundwork to ban Huawei products. IT execs who source any part of their supply chain to China should be concerned.
Opinion | America Needs Huawei (New York Times) The director of the Chinese tech giant’s board warns that banning the company will hurt the U.S. economy.
Cyber Insurance Needs to Keep Maturing (TechNative) Cyber insurance is quickly emerging as an important cyber security complement to traditional security mechanisms for small, medium, and large enterprises. In a time when data breaches are commonplace, and even the largest and well-resourced businesses fall victim to a hostile cyber activity, cyber insurance is a necessity. Cyber insurance functions as other traditional insurance policies guarding against digital theft and/or damage, depending on the coverage parameters of the policy. In this capacity, cyber insurance is designed to safeguard organizations from severe financial damages as a result of substantial data loss or disruption/destruction of infrastructure that can impact business
Lack of Banking Options a Big Problem for Crypto Businesses (Wall Street Journal) Cryptocurrency companies shunned by banks often turn to shadowy middlemen for payment processing and other services. One of those companies is at the center of the mystery surrounding Bitfinex’s missing customer funds.
HPE to buy Cray, offer HPC as a service (Network World) High-performance computing offerings from HPE plus Cray could enable things like AI, ML, high-speed financial trading, creation of digital twins for entire enterprise networks.
Quick Heal launches next-gen suite of cybersecurity solutions (Techiexpert.com) Quick Heal, which is an Indian cybersecurity solution provider, has now revealed its next-generation suite of cybersecurity solutions for desktops and laptops, which the company claims is faster, lighter and smarter than its previous release. The new solutions include the upgraded versions of Quick Heal Total Security, Quick Heal Internet Security, and Quick Heal AntiVirus
How security leaders can minimize human error (Fifth Domain) Hackers aren’t doing technical gymnastics to navigate through agency firewalls or network defenses. Instead, they’re favoring some particularly vulnerable targets: employees.
How to Run a Threat Hunting Program (eSecurity Planet) What is threat hunting, how do you do it, and what tools and training do you need to do it right? We answer all that and more about this security tool.
The Pentagon AI center wants to solve these 4 problems (C4ISRNET) Though relatively new and secretive, the Joint Artificial Intelligence Center has revealed it is working to improve predictive maintenance, humanitarian aid and disaster relief, cyberspace and robotic process automation initiatives.
Foreign Cyberattackers Face Sanctions in EU (Wall Street Journal) European governments armed themselves with a new tool against cyberattackers, adopting a sanctions regime to allow them to penalize foreign individuals and entities as western countries seek fresh ways of deterring large-scale hacking of their computer networks.
Spies, Lies, and Algorithms (Foreign Affairs) Russian social media meddling in the 2016 U.S. election should serve as a wake-up call: U.S. intelligence community must shift its focus from counterterrorism to a suite of new technological threats, from AI to deepfakes and disinformation warfare.
Senate bill would woo high-tech ninjas to military (C4ISRNET) The co-founders of the Senate’s artificial intelligence caucus introduced the bipartisan Armed Forces Digital Advantage Act as a way to establish a career track for computer scientists in the military.
ODNI Releases Annual Intelligence Community Transparency Report (IC ON THE RECORD) Today, consistent with the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended (codified in 50 U.S.C. § 1873(b)), and the Intelligence Community’s (IC) Principles of Intelligence Transparency, we are releasing our sixth annual Statistical Transparency Report Regarding Use of National Security Authorities presenting statistics on how often the government uses certain national security authorities.
Litigation, Investigation, and Law Enforcement
Former CIA Officer Sentenced to Prison for Espionage (US Department of Justice) A former Central Intelligence Agency case officer was sentenced today to 20 years in prison for his transmission of national defense information to an agent of the People’s Republic of China.
Google, Facebook, Twitter rapped for not doing enough in EU fake news fight (Reuters via KFGO) Facebook, Google and Twitter were reprimanded by the European Commission on Friday for not doing enough to tackle fake news plaguing the election campaign to the European Parliament, seven months after promising to do more.
The tech giants took a voluntary pledge last October to combat the spread of fake news...
MeitY asks WhatsApp for spyware hack details and how many Indian users were affected (MediaNama) MeitY has asked WhatsApp for details about the recent spyware hack that allowed attackers to compromise users’ devices via WhatsApp calls, and the steps it is taking to address the situation, the Economic Times reports. The ministry has also asked the messaging service whether users in India were compromised and if so, how many. Once …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NAWC Cybersecurity Symposium (Washington, DC, USA, May 21, 2019) The National Association of Water Companies (NAWC) will hold its inaugural 2019 NAWC Cybersecurity Symposium on Tuesday, May 21, 2019 at the Army-Navy Club in Washington, D.C. The day-long event will bring...
Kansas City CyberSecurity Conference (Kansas City, Missouri, USA, May 22, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Kansas City will be delivered by John Dickson, Principal, Denim Group Ltd,...
2019 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 22 - 23, 2019) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions...
SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...