Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow
When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The next stop is Houston, TX!
May 29, 2019.
By the CyberWire staff
FireEye has identified extensive coordinated information operations in support of Iranian interests during US midterm elections. Inauthentic accounts tended to express opposition to President Trump, but their ideological slant, in American terms, was opportunistic. Some of the lines pushed represented themselves as progressive, others as conservative, but their common goal was to advance Iranian policy. Both Twitter and Facebook, tipped off by FireEye, have removed the accounts in question.
Politico observes that the Iranian activity indicates that other governments are cribbing from Russia’s information ops playbook. Exposing that playbook can be dangerous, as the Times explains in a profile of troll-hunting Finnish journalist Jessikka Aro, who’s drawn death-threats for her work.
Errata Security thinks that roughly a million machines are susceptible to exploitation of the BlueKeep Remote Desktop Protocol vulnerability. Trend Micro has looked at the risk BlueKeep poses and concludes that, while it may seem easy to trigger, actually achieving code execution on a target would be “incredibly challenging.” A more realistic danger, they think, is inducing DHCP (Dynamic Host Configuration Protocol) server service crashes, a denial-of-service condition that could enable attacks via a rogue DHCP server.
Forbes reports that other Saudi dissidents were infected with Pegasus spyware before the apparently Pegasus-connected, perhaps Pegasus-enabled, murder of Jamal Khashoggi.
An essay in the National Interest argues that Abu Bakr Al-Baghdadi is reorganizing ISIS to survive as a virtual community, with local “franchises” operating on the ground.
Huawei alleges that US sanctions amount to an unconstitutional bill of attainder, Computing reports.
Today's issue includes events affecting Australia, Canada, China, European Union, Iran, Ireland, Israel, NATO/OTAN, New Zealand, Russia, Saudi Arabia, United Kingdom, United States, and Vietnam.
Bring your own context.
When threat phenomenology becomes threat metaphysics.
"I think we make one big ontological reorganization, or - I won't say discovery, but we essentially decided that what GOSSIPGIRL would mean to us was what we would begin to call a 'Supra Threat Actor.' Not to get too in the weeds of threat intelligence methodology and things that people might find to be too inside baseball, [but] essentially, in threat intelligence we tend to focus on threat actors - the idea that there is a cluster of activity that we can associate with a single entity, whether that's a criminal organization, or maybe an intelligence institution, or a group of mercenaries. Just a single organization. There's a deficiency there as we start to do more complex research, which is, what happens when we start to find different threat actors playing together? What happens when you see several independent threat actors with their own storied past, and their own malware platforms, and their own TTPs, their own ways of acting, clearly coming together for a common goal? We're not talking about somebody stealing somebody else's source code, or reusing open-source tools, or things like that that might get folks confused. We're talking about very complex platforms obviously being leveraged to play along."
—Juan Andres Guerrero-Saade, of Chronicle, discussing his team's work on the CyberWire's Research Saturday, 5.25.19.
Because the name of the threat can be "Legion," and because what they do is arguably more interesting than who they are.
Get the In-Depth Guide to Operationalizing Threat Intelligence.
Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.
National Cyber Summit Job Fair, June 5, Huntsville (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros: make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking, a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Yoel Roth on Twitter (Twitter) “Earlier this month, we removed more than 2,800 inauthentic accounts originating in Iran. These are the accounts that FireEye, a private security firm, reported on today. We were not provided with this report or its findings.”
DuckDuckGo Android Browser Vulnerable to URL Spoofing Attacks (BleepingComputer) The open source DuckDuckGo Privacy Browser for Android version 5.26.0, with more than 5 million installs, makes it possible for potential attackers to launch URL spoofing attacks targeting the app's users by exploiting an address bar spoofing vulnerability.
CVE-2019-0725: An Analysis of Its Exploitability (TrendLabs Security Intelligence Blog) We analyze the exploitability of CVE-2019-0725, a remote code execution (RCE) vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server.
New APT10 Activity Detected in Southeast Asia (SecurityWeek) Researchers have detected what they believe to be new activity from the Chinese cyber espionage group APT10. The activity surfaced in the Philippines and shares similar tactics, techniques, and procedures (TTPs) and code associated with APT10.
Emerson Ovation OCR400 Controller (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 6.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Emerson. Equipment: Ovation OCR400 Controller. Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities may allow privilege escalation or remote code execution, or it may halt the controller.
Stolen NSA Tool Wreaks Cyber Havoc on US Cities (Ride The Lightning) As the New York Times reported on May 25th, for nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts...
Interns and Social Media: A Goldmine for Hackers (Security Intelligence) A social media post from one of a company's interns was all this people hacker needed to enter a secure area with a counterfeit employee badge. Learn tips for welcoming new employees securely.
Privilege Escalation Flaw Present In Slick Popup Plugin (Wordfence) In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, we ...
Amazon adds ‘Alexa, delete what I said today’ command (TechCrunch) Buried in this morning’s Echo Show 5 announcement are a couple of new security features worth highlighting. In addition to the inclusion of a built-in camera shutter on the new smart display are a pair of Echo commands that let users delete voice recordings with an Alexa command. “A…
FireEye snags security effectiveness testing startup Verodin for $250M (TechCrunch) When FireEye reported its earnings last month, the outlook was a little light, so the security vendor decided to be proactive and make a big purchase. Today, the company announced it has acquired Verodin for $250 million. The deal closed today. The startup had raised over $33 million since it opene…
PageFreezer Achieves ISO 27001 Certification (Yahoo) PageFreezer, a leading web and social media compliance archiving and data loss prevention provider, announces companywide ISO 27001 certification of in-house processes. PageFreezer Software is today announcing that it has earned ISO 27001 certification.
VinaPhone Selects KoolSpan to Power ProCall Secure Communications Solution (AP NEWS) VinaPhone ( http://vinaphone.com.vn ), the leading provider of advanced telecommunications technologies and services to government, enterprise, small & medium-sized business, and consumers in Vietnam, announces its partnership with KoolSpan to power VinaPhone ProCallTM, the secure mobile communications solution for Vietnam.
Don’t Mistake Compliance for Security (WhiteHat Security) Is your organization compliant with the security standards and regulations implemented by your industry, state, or country that are applicable to your organization? If you answered yes, congratulations. Now, a follow-up question: is your organization actually secure? These are two distinct considerations.
What I Learned Trying To Secure Congressional Campaigns (Idle Words) You know how it happens. You try to secure one Congressional campaign, and then another, and pretty soon you can't stop. You'll fly across the country just to brief a Green Party candidate in a district the Republicans carried by 60 points. You want more, more, always looking for that next fix.
Ireland Gets About Double the Average Breach Reports Under GDPR (BleepingComputer) The Irish data watchdog says that it received almost double the number of valid data security breach notifications when compared to the European Union average, with 5,818 reports being filed in Ireland since May 25, 2018, while other EU member states received around 3,188 notifications during the last year.
CrowdStrike settles lawsuit as it preps for IPO (PitchBook) After two years, software developer CrowdStrike has settled a lawsuit with NSS Labs related to product testing. The settlement comes not long after the cybersecurity unicorn filed to go public.
Social Media Monitoring (Brennan Center for Justice) How the Department of Homeland Security Uses Digital Data in the Name of National Security.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Banking Cyber Security Forum London (London, England, United Kingdom, June 18, 2019) The Banking Cyber Security Forum is an exclusive, top flight event exclusively for senior banking executives, set to address each of these challenges and opportunities and encourages peer-to-peer conversation...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...
Louisville Cybersecurity Conference (Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security. Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.