May 21, 2019.
Hacking Humans renewed for its second season.
During the inaugural live episode of the Hacking Humans Podcast May 9th at KB4-CON 2019 in Orlando, the CyberWire announced that its popular show will be renewed for a second season as KnowBe4 renews its sponsorship. Hacking Humans, which airs Thursday mornings US Eastern Time, covers social engineering. Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins Information Security Institute will return as the hosts. Hacking Humans takes listeners behind the scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on individuals and organizations around the world. The show features interviews with experts on social engineering drawn from industry, law enforcement, university sciences and arts, and, of course, with those practiced in the crafts of influence and deception.
By the CyberWire staff
Cisco Talos has released a report on the BlackWater cyber espionage campaign. BlackWater is active largely in the Middle East, and it's associated with "persistent threat actor" MuddyWater. BlackWater is, researchers say, unusually evasive, adding three steps to MuddyWater's familiar pattern: "an obfuscated Visual Basic for Applications (VBA) script to establish persistence as a registry key," then a PowerShell stager designed to look like a red-teaming tool, and communication with a different command-and-control server than the one used in the initial attack stages. MuddyWater has been attributed by Mitre and others to Iran.
Remote connectivity solutions provider TeamViewer was indeed compromised in 2016, Spiegel reports, but did not disclose the incident at the time since in the company's view it affected only its infrastructure as opposed to its customers. The attack is attributed to Chinese intelligence services.
Upstream's security lab Secure-D says that VidMate, an Android app with about half a billion downloads, behaves badly. The app allegedly serves adware, subscribes users to paid services, and sucks their mobile data. VidMate told BuzzFeed it was investigating the matter, but declined to say much more than that.
An unsecured AWS database, apparently belonging to Mumbai-based social media marketing outfit Chtrbox, has exposed information on millions of Instagram influencers, celebrities, and brand accounts, TechCrunch reports. The data seem to have been obtained by scraping.
Bravo Emsisoft, which has released a decryptor for JSWorm 2.0 ransomware.
The US continues to be serious about strictures against Huawei, as markets sort out the ban's consequences.
Today's issue includes events affecting China, Ecuador, European Union, Iran, Malaysia, Russia, Sweden, United Arab Emirates, United Kingdom, United States.
Bring your own context.
Sure it's secure, but does it still work?
"There are challenges when designing a medical device in prioritizing clinical features over cybersecurity features. So for example the No. 1 priority of a pacemaker is that it always continues to keep the patient's heart beating. And when you're designing a pacemaker, that's obviously the most important thing that you need to be designing for the device. Well, how many clinical features can an engineering team put off to the future in return for implementing some security features to ensure that that device is functioning safely? And designing security features into devices, as you can imagine, can be pretty tricky and pretty time-consuming. So there's this constant battle between clinical functionality, interoperability, ease of use for clinicians and actually building security features into these things so that bad guys can't do bad things with them."
—Mike Kijewski, CEO and founder of MedCrypt, on the CyberWire Daily Podcast, 5.17.19.
Reconciling the tension between functionality and security isn't trivial, and with medical devices, it can be a matter of life and death.
According to CyberEdge’s 2019 Cyberthreat Defense Report, 78% of enterprises were victimized by a successful cyberattack last year. Is your organization next? On May 22nd at 2:00 PM ET join LookingGlass’ SVP of Delivery & Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper, as they review insights from CyberEdge’s sixth-annual research study. They’ll also provide answers to important questions, such as what the weakest links in current security postures are and what the hottest security technologies are in 2019.
And Recorded Future's podcast, produced in cooperation with the CyberWire, is also up. In this edition, "Investing in Technology, Innovative Leaders, and Yourself," Niloofar Razi Howe, technology executive, entrepreneur, board member, and investor, with service as chief strategy officer for both Endgame and RSA Security, discusses her career and some trends in technology and security.
National Cyber Summit Job Fair, June 5, Huntsville. (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
MuddyWater Hacking Group Upgrades Arsenal to Avoid Detection (BleepingComputer) The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater.
TeamViewer Confirms It Was Hacked in 2016 (SecurityWeek) TeamViewer confirms it was hacked in 2016 -- likely by Chinese cyberspies -- but the company decided not to make the breach public as it found no evidence that it affected users.
Vulnerability Summary for the Week of May 13, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
As Cyberattacks Rise, U.S. Business Readiness Falls (The National Law Review) Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled
U.S. Plans Temporary Exemptions to Huawei Blacklist (Wall Street Journal) U.S. officials said they would grant a handful of temporary exceptions to an export blacklist against Huawei Technologies Co., giving suppliers and customers of China’s telecom giant a 90-day reprieve from tough trade penalties.
Appealing for collaboration, DHS nudges ICS companies toward a more 'proactive' defense (CyberScoop) With the private industrial cybersecurity market thriving, the Department of Homeland Security is continuing to push for closer coordination with experts on the front lines of defending facilities like power plants from hackers. In speeches last week to vendors, security researchers, and state officials, DHS personnel said they wanted to help put companies on a more proactive defensive posture to thwart hacking threats to industrial environments. The department has been working with ICS vendors to test security products before they go to market, but more needs to be done, Jeanette Manfra, assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Security Agency, said last Wednesday at Hack the Capitol, an ICS security conference in Washington, D.C. “In this space, unlike really, frankly, any other, we have got to have much more capability to prevent the attacks from happening before they get in there – or at least detect them quickly so …
Current and future tips for Huawei Users (Avira Blog) Trade issues have shut out Huawei users from Google updates. While they can still use Google services, the lack of updates is a serious long-term issue.
How security leaders can minimize human error (Fifth Domain) Hackers aren’t doing technical gymnastics to navigate through agency firewalls or network defenses. Instead, they’re favoring some particularly vulnerable targets: employees.
Emsisoft releases a free decrypter for JSWorm 2.0 Ransomware (Emsisoft | Security Blog) Our malware research team just released a decrypter for the new ransomware we nicknamed JSWorm 2.0. JSWorm 2.0 is written in C++ and uses Blowfish encryption. We call it “2.0” because there was another C# ransomware that used the “.JSWORM” extension. Some strings also suggest this ransomware may be from the same author. Notable callouts …
Huawei ban sparks fears of technology Cold War (Times) Tens of billions of dollars have been wiped off the value of some of Silicon Valley’s biggest players over fears that a technology Cold War is breaking out between the two economic superpowers.
Huawei 5G in Europe and Beyond (Carnegie Endowment for International Peace) In the past five years, there have been growing cybersecurity concerns about the Chinese company Huawei’s involvement in the deployment of 5G across the world. This timeline shows over 100 events related to Huawei and 5G in the EU and NATO member states, as well as Australia, Japan, New Zealand, the Philippines, and South Korea.
Do not underestimate the depth of US concern over Huawei (The Telegraph) There is a mistaken impression concerning the US national security policy-making process that says somehow our government is not serious because decision-making in the Trump administration can be capricious and arbitrary.
U.S. lawmakers call on spy chief to rein in spread of hacking tools (Yahoo News) The effort, led by Democratic Representative Tom Malinowski, is the second request in the last week asking the State Department to provide information about its approval process for U.S. companies that sell offensive cyber capabilities and other surveillance services to foreign governments. The letter
How government can finally move beyond the OPM data breach (Fifth Domain) One of the largest cyberattacks in U.S. government history, the Office of Personnel Management hack prompted the government to look at the root cause of the incident. Where should public agencies continue to focus to make sure they are protected from cyberthreats?
Cybersecurity Co. Sued Over Jacobs' Planned $815M Deal (Law360) A stockholder hit KeyW with a proposed class action in Maryland federal court Friday, alleging that the cybersecurity firm failed to disclose key details about its planned $815 million acquisition by Texas-based Jacobs Engineering.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Gateway Innovation Center: Partners in Cyber (Columbia, Maryland, USA, June 6, 2019) The Howard County Economic Development Authority will host a multifaceted panel event on June 6. Each of our speakers represents leading cyber and technology organizations in the region which provide valuable...
NetDiligence® Cyber Risk Summit (Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...
ICX Insurance Summit with Pindrop and MassMutual (Springfield, Massachusetts, USA, June 19 - 20, 2019) MassMutual, together with Pindrop, is hosting the Identity & Customer Experience (ICX) Summit specifically for insurance organizations to discuss current issues and share strategies and ideas around security...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
NAWC Cybersecurity Symposium (Washington, DC, USA, May 21, 2019) The National Association of Water Companies (NAWC) will hold its inaugural 2019 NAWC Cybersecurity Symposium on Tuesday, May 21, 2019 at the Army-Navy Club in Washington, D.C. The day-long event will bring...
Kansas City CyberSecurity Conference (Kansas City, Missouri, USA, May 22, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Kansas City will be delivered by John Dickson, Principal, Denim Group Ltd,...
2019 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 22 - 23, 2019) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking millions...
SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...