November 6, 2019.
By the CyberWire staff
Yesterday the US Departments of Justice, Defense, and Homeland Security joined the Director of National Intelligence, the FBI, NSA, and CISA to reassure Congress and the public that "unprecedented" security measures were in place to protect US elections. Some of those measures were on display in the off-off-year elections that some states held yesterday.
FireEye CEO Kevin Mandia told CNBC's Mad Money that the biggest problem with election security isn't hacked voting machines, but rather misinformation disseminated over social media. Vice reports that disinformation relating to the 2020 elections is already flooding social media, and a study by Freedom House concludes that social media have increasingly become tools of influence operations and social control exercised by illiberal governments.
Not all politically themed campaigns are necessarily concerned with politics. Cisco's Talos unit describes how criminals use political phishbait in ransomware, scareware, and other attacks.
Kaspersky yesterday published a study of a hitherto unremarked APT, "DarkUniverse," which operated quietly between 2009 and 2017. The researchers see links between DarkUniverse and script found in the ShadowBrokers' 2017 "Lost in Translation" leak.
Facebook, which has been working to rein in developers' access to data, has found that an oversight in its Groups App gave video-streaming and social-media-management app developers access to private group member data like names and profile pictures.
Nikkei America, the New York-based subsidiary of Japan's Nikkei media group, acknowledged late last week that it had acted on instructions received in a business email compromise scam to transfer $29 million to a fraudster account.
Today's issue includes events affecting China, European Union, Iran, Democratic People's Republic of Korea, Russia, Singapore, United Kingdom, United States.
Bring your own context.
An insider threat is a disgruntled employee or a spy, right? Some nefarious turncoat, right? Nope.
"Right, so I don't even like the name, actually. I think one of the reasons that these programs are not often successful as they could be is because of that name, 'insider threat,' which sort of summons up these pictures of shady operators hanging around the water cooler doing dark deeds. Most insider threats are perfectly well-meaning employees that end up doing something foolish or getting convinced to do something foolish that compromises your data or your security in some way."
—Dr. Richard Ford, of Cyren, on the CyberWire's Special Edition Podcast on Insider Threats, 11.3.19.
Usually well-meaning, and very often not even especially careless or negligent.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey discusses automated incident response. Carole Theriault speaks with Kristen Poulos from Tripwire about protecting the Internet-of-things.
And Caveat is up. In this episode, "The legislation can only do so much," Ben describes a potential loophole in medical-records privacy regulations. Dave shares the story of a woman ordered by a judge to unlock her mobile device. Our listener on the line wonders how digital assistants might run up against two-party consent laws. Our guest is Ray Walsh from ProPrivacy.com, discussing new legislation in California dealing with manipulated video and deepfakes.
Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
The Crisis of Social Media (Freedom House) What was once a liberating technology has become a conduit for surveillance and electoral manipulation. Internet freedom is increasingly imperiled by the tools and tactics of digital authoritarianism, which have spread rapidly around the globe.
Disclosure Does Little to Dissuade Cyber Spies (Dark Reading) In the past, outing nation-state cyber espionage groups caused a few to close up shop, but nowadays actors are more likely to switch to new infrastructure and continue operations.
Fake ransomware named after Donald Trump tries to trick victims out of a buck (CyberScoop) Donald Trump can add ransomware to the list of things named after him, thanks to scammers who again have demonstrated how current events create opportunities to steal data. Security researchers from Cisco’s Talos threat intelligence team on Tuesday published findings explaining how hackers are using the likeness of the president, his predecessor and other political figures to dupe victims into paying up.
Omron Network Configurator for DeviceNet (Update A) (CISA)
1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Equipment: Network Configurator for DeviceNet
Vulnerability: Untrusted Search Path
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-134-01 Omron Network Configurator for DeviceNet that was published May 14, 2019, on the ICS webpage on us-cert.gov.
Interpeak IPnet TCP/IP Stack (Update C) (CISA)
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Omron CX-Supervisor (CISA)
1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vulnerability: Use of Obsolete Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability.
Long Island School District Hit With Cyber Attack (NBC New York) The small Sag Harbor school district had its server and computer systems disabled due to the hack. This isn't the first time this year a Long Island school district has been hit with a cyber attack, however. NBC New York’s Greg Cergol reports.
Security Patches, Mitigations, and Software Updates
An Essential FEMA Digital Certificate Update Comes From DAS (Radio & Television Business Report) Emergency video communications provider Digital Alert Systems has just released an important update of Federal Emergency Management Agency (FEMA) digital certificates used to authenticate messaging fr
GTIC Monthly Threat Report (NTT) During the month of October, the Global Threat Intelligence Center (GTIC) analysed vulnerability-specific activity within current, global, GMSSP data.... The DevSecOps Approach for Driving Better Outcomes, Lead Analyst: Kashif Hafeez, Senior Director, Product Marketing, WhiteHat Security...
The State Of E-Commerce Phishing 2019 (NormShield) As the holiday season ramps up, cybercriminals are launching new fraudulent e-commerce sites to trick consumers into handing over personal and financial
Exclusive: Huawei calls hackers to Munich for secret meeting (TechCrunch) Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments, TechCrunch has learned. Sources with knowledge of the November 16 meeting said Huawei will privately present i…
FCC formally approves T-Mobile-Sprint merger (TheHill) The Federal Communications Commission on Tuesday formally confirmed its approval of the T-Mobile-Sprint merger along party lines, clearing the final hurdle for government approval.
DataTribe Announces Finalists of Second-Annual Cybersecurity Startup Challenge (Citybizlist) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies with nation-state experienced technical teams from the intelligence community, research labs, and industry-leading experts, announced today the three finalists of its second-annual DataTribe Challenge.
Forkast.Focus | HKFinTechWeek: Startups Capitalize on Cryptography in Medicine (Forkast.News) The increasing use of big data in the medical industry has left some concerned regarding their rights to privacy, though some companies are working on blockchain and cryptography applications to address the issues. California-based startup blockdoc is one such digital health and security company that is using advanced cryptography. Another is Blue Cross (Asia-Pacific) Insurance, …
Trustwave Launches Advanced Threat Detection and Response Services for Microsoft Azure (Trustwave) Trustwave announced the launch of services to bolster threat monitoring, detection and response natively in Microsoft Azure. As a preferred global managed security services provider (MSSP) partner, Trustwave is offering consulting and professional services and advanced threat detection and response services for Microsoft Azure to help enterprises address growing complexities securing cloud and multi-cloud environments.
The Evolution from Network Access Control to Network Segmentation (Forescout) For the past 20 years, the principles of network access control have remained mostly the same. Organizations would implement NAC in a super binary way. Devices were either allowed on the network or they were blocked. They either got corporate-level access or they were restricted to guest. Those were the options. But the technology landscape …
How to Tell if Your Network Firewall is at Risk (Monroy IT Services) There is no single solution for protecting your private network from intrusions like viruses, data theft, or targeted attacks. However, your network firewall is your first line of defense and requires regular maintenance. If you haven’t thought about your network...
MSPs must put their own cyber security first (NS Tech) In December 2018, the United States Department of Justice unsealed an indictment charging two Chinese nationals with intellectual property theft. Over the course of 12 years, the defendants alleged
China tries to gag UK universities (Times) The Chinese government has attempted to curb criticism on British campuses of its regime by pressuring universities into limiting academic freedom, MPs have said. “Alarming” evidence of Chinese...
Legislation, Policy, and Regulation
Inside the BlizzCon protests over China's grip on gaming (The Telegraph) Among the lavish orc and wizard costumes donned by attendees to BlizzCon 2019, the annual gaming fanfest hosted by World of Warcraft maker Blizzard, outfits of a different kind appeared in the halls of the Anaheim Convention Center.
TikTok faces lawmaker anger over China ties (TheHill) The massively popular social media app TikTok is struggling to assuage lawmakers’ concerns over its ties to the Chinese government and allegations that it is amassing data on U.S. users for Beijing.
Singtel, Ninja Van fined by privacy watchdog over separate data breaches (The Business Times) TELCO Singtel has been fined S$25,000 for a data breach involving its My Singtel mobile app, according to a decision released on Monday from the Personal Data Protection Commission (PDPC), Singapore’s official privacy watchdog and enforcer of the Personal Data Protection Act. Read more at The Business Times.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, November 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues...
Chicago Suburbs Cybersecurity Conference (Chicago, Illinois, USA, November 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SINET Showcase (Washington, DC, USA, November 6 - 7, 2019) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Each year, SINET evaluates...
Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...
ACSC 2019: Collaborate (Boston, Massachusetts, USA, November 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in...