What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
There's a rise in malicious crypto apps, wallets and other items, cropping up in Google Play. ESET notices that this increase is significantly correlated with Bitcoin price spikes.
Canadian targets received a lot of attention from social engineers during the first quarter of 2019, Proofpoint notices.
The US yesterday charged Wikileaks founder Julian Assange with Espionage Act violations related to activities in 2009 and 2010. The indictment supercedes the one filed last month. Mr. Assange is currently serving a fifty-week sentence in a British prison. Both the US and Sweden are seeking his extradition. The latest charges arouse concerns about press freedom (see WIRED, for example) but the Justice Department counters that what Wikileaks has done had little to do with journalism.
Russia has taken note of NATO Secretary General Stoltenberg's London remarks, pointing with sombre alarm in Sputnik to the Secretary General's obvious point that a response to a cyberattack need not itself be a cyber counterattack.
Under increasing pressure as the US blacklist extends its reach to international customers, Huawei takes its charm counteroffensive to Vice.
Emails that appear to carry threats of litigation are proving effective phishbait, KrebsOnSecurity reports. (It's long been difficult not to engage with things arriving that seem to come from law firms.)
Today's issue includes events affecting Australia, China, Egypt, European Union, NATO/OTAN, Russia, Sweden, United Kingdom, United States.
A reminder: Monday is the annual observance of Memorial Day, and we'll take a hiatus for that day only, returning as normal on Tuesday. In the meantime, if you're in the US, enjoy the holiday, and wherever you are, spare a thought to remember the sacrifices of veterans and their families.
Bring your own context.
Don't let the lure of the exotic lead you to disregard the mundane.
"I think what I see quarter after quarter, year after year is that, really, the tried-and-true methods for getting at sensitive information just keep happening over and over again. If we can phish a user, if we can get him to give up some credentials, that's going to get us access into his system. And we can poke around, maneuver around, escalate from there, see what we can get. And we see these same patterns repeating, month after month, year after year. So you know, I think the fundamentals still apply."
—Inga Goddijn from Risk Based Security on the CyberWire Daily Podcast, 05.22.19.
So don't neglect the obvious, whether you're mitigating risk, accepting risk, or transfering risk. And on transfering risk, you can rest assured the insurance carriers are aware of, and paying attention to, what's in front of your face.
According to CyberEdge’s 2019 Cyberthreat Defense Report, 78% of enterprises were victimized by a successful cyberattack last year. Is your organization next? On May 22nd at 2:00 PM ET join LookingGlass’ SVP of Delivery & Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper, as they review insights from CyberEdge’s sixth-annual research study. They’ll also provide answers to important questions, such as what are the weakest links in current security postures and What the hottest security technologies are in 2019.
National Cyber Summit Job Fair, June 5, Huntsville.(Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.
Cyber Howard Conference(Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Wicked6 Cyber Games(Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Warrior Women Summer Social: Sip and Paint(Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Cyber Attacks, Threats, and Vulnerabilities
Uncovering New Activity By APT10(enSilo) In April 2019, enSilo detected what it believes to be new activity by APT 10, a Chinese cyber espionage group. The variants discovered by enSilo are previously unknown and deploy malware that is unique to the threat actor.
Egyptian DDoS Campaign Observations(Akamai) Between March 19 and March 25, 2019, there was a very large amount of DDoS traffic sourced from a specific Egyptian Autonomous System (ASN) directed at Akamai Prolexic customers. It's worth noting this is an ASN we rarely see in...
PoC Exploits Created for Wormable Windows RDS Flaw(SecurityWeek) Several PoC exploits, including ones that can be used for remote code execution, have been created for the recently patched Windows RDS vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep.
Kaspersky Lab Sees Spike In Mobile Banking Cyberattacks(PYMNTS.com) Kaspersky Lab, a cybersecurity and anti-virus company, has reported a rise in a specific malware intended to steal money and credentials from people’s bank accounts. The company found 29,841 files of the malware in Q1 of 2019, which is up from 18,501 in Q4. Attacks on upwards of 300,000 users were detected. Kaspersky Lab released […]
Cyren Expands Executive Team(Yahoo) Cyren (CYRN), a leader in cloud security, announced today that Lior Kohavi, who has served as Cyren's Chief Technical Officer since joining the company in 2013, has been promoted to the newly created position of Chief Strategy Officer & EVP Advanced Solutions
CVE-2019-11815: A Cautionary Tale About CVSS Scores(TrendLabs Security Intelligence Blog) by John Simpson Vulnerabilities in the Linux kernel are not uncommon. There are roughly 26 million lines of code, with 3,385,121 lines added and 2,512,040 lines removed in 2018 alone. The sheer complexity of that much code means that vulnerabilities are bound to exist. However, what is not at all common is the existence of...
Protect Your Account With Google's Highest Ranked Security Methods(Life Hacker) Everywhere you turn, someone is handing out advice about account security and privacy. And while it never hurts to be reminded about all the ways you can protect your critical data, have you topped to wonder whether any of the various security measures you’re taking are actually effective?
12 dark secrets of encryption(CIO) With data security a key concern across all systems, encryption is increasingly becoming the go-to solution. But encryption may be less of a sure thing than you think.
Time finally runs out for Theresa May(Times) Theresa May is set to resign as the Conservative leader today, clearing the way for a new prime minister by the end of July. She is expected to bring her premiership of nearly three years to a...
Who are the candidates to replace Theresa May?(Deutsche Welle) Following Theresa May's confirmation that she will quit on June 7, there are several Conservative candidates jostling for position to replace her as party leader, and by extension prime minister of the United Kingdom.
China’s new cyber totalitarianism(Boulder Weekly) Human Rights Watch has released a report on human rights abuses in the world’s largest totalitarian state — the People’s Republic of China. And it’s terrifying. As bad, if not worse, as anything Orwell imagined in 1984. It turns out that Human Rights Watch got its hands on a mobile surveillance app that Chinese security …
The U.S. Senate is coming after ‘loot boxes’(TechCrunch) Gamers feel passionately about loot boxes, turns out some elected officials do too. A new Senate bill was formally introduced today with bipartisan support and it could categorically shift how today’s top platforms and distribution platforms monetize the titles they sell. The bill’s int…
WikiLeaks Founder Julian Assange Charged in 18-Count Superseding Indictment(US Department of Justice) A federal grand jury returned an 18-count superseding indictment today charging Julian P. Assange, 47, the founder of WikiLeaks, with offenses that relate to Assange’s alleged role in one of the largest compromises of classified information in the history of the United States. Assistant Attorney General for National Security John C. Demers, U.S. Attorney G. Zachary Terwilliger for the Eastern District of Virginia, Assistant Director John Brown of the FBI’s Counterintelligence Division and Acting Assistant Director in Charge Timothy Dunham of the FBI’s Washington Field Office made the announcement.
San Jose startup claims Huawei exec ordered IP theft(Silicon Valley Business Journal) A back-and-forth lawsuit over allegedly stolen trade secrets took a new turn at a pretrial hearing, where San Jose-based CNEX reportedly claimed a Huawei executive ordered an employee to spy on the startup.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
SecureWorld Atlanta(Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...
Louisville Cybersecurity Conference(Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
National Cyber Summit(Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe(London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.