Daily briefing.

North Korean cyber operations have received renewed attention from both the US and India since late last week. US Cyber Command posted seven malware samples to VirusTotal. The malware is associated with Hidden Cobra (the Lazarus Group), and Cyber Command says they've been used for "fund generation and malicious cyber activities including remote access, beaconing, and malware command." Financial crime in particular has been characteristic of Pyongyang's cyber operations.

Reports continue to link North Korean cyber operators to recent incidents at India's Kudankulam nuclear power plant, CPO summarizes. What the Lazarus Group was after, assuming the attribution in the press holds up, remains unclear. As ZDNet pointed out two weeks ago, the operation could have been espionage, reconnaissance, staging, or simply collateral damage from some other campaign.

More curiously, ISRO, the Indian Space Research Organization, was also warned of a DTrack infestation, believed to be of North Korean origin, the Indian Express reports. The warning arrived during the space agency's Chandrayaan-2 lunar mission, which failed when controllers lost contact with the spacecraft during its September 6th landing attempt.

BleepingComputer reports that the threat actor Microsoft tracks as "Platinum" is using a new, stealthy backdoor.

McAfee researchers note that Buran, a Russian-speaking gang offering a variant of VegaLocker ransomware, is competing in the ransomware-as-a-service market by cultivating customer relationships and offering competitive discounts.

SmarterASP sustained a ransomware attack late Sunday, posting status updates to its site and Facebook pages. The hosting service tweeted that its first priority is restoring its data servers.

Notes.

Today's issue includes events affecting China, India, Indonesia, Israel, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Russia, Saudi Arabia, South Africa, United Arab Emirates, United Kingdom, United States, and Vietnam.

Bring your own context.

Securing the supply chain involves attention to third-party, even fourth-party, maybe nth-party risk. How far down the supply chain do you go?

"It goes pretty far. I don't think it's the ability to kind of just be reliant on a questionnaire or a survey - is going to satisfy concerns or kind of the security risks that are present today. It's going to take actual baseline profiling of, you know, which IP addresses potential vendors are using in order to relay or have some sort of communications with your IT environment. It's going to be the exact sort of software that has to be downloaded, the versions that are being used, how software packages get updated. Those type of details are very important today in order to identify anomalous activity."

—Michael Sechrist, chief technologist at Booz Allen Hamilton, on the CyberWire Daily Podcast, 11.8.19.

So nth-party it would seem to be.

In today's Daily Podcast, out later this afternoon, we talk with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses browser vulnerabilities in Chrome and Firefox.

The CyberWire's Caveat is up. In this episode, "Slowly awakening to the problems we face," Ben looks at the cozy relationship between Ring and local law enforcement, and Dave shares a story about DNA tests and search warrants. Our listener on the line wonders about deleted emails. Our guest is Michael Chertoff, former US Secretary of Homeland Security, now head of the Chertoff Group.

Our latest CyberWire special edition podcast is out. We have a conversation with Andy Greenberg, senior writer at WIRED and author of the new book Sandworm - A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers. It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries’ critical infrastructure, and the often unintended consequences that follow.

And Recorded Future's latest podcast, produced in cooperation with the CyberWire, is also up. In this episode, "Security Intelligence in the Digital Transformation," Recorded Future’s chief of intelligence solutions, Stuart Solomon, talks about the way in which the need for actionable, automated threat intelligence rises with the complexity of an organization's push for digital transformation.

Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

Cyber Attacks, Threats, and Vulnerabilities

The Latest: UK Labour Party hit by large-scale cyberattack (Washington Post) Britain’s Labour Party says it has experienced a “sophisticated and large scale cyberattack” on its digital platforms

Russia’s Suspected Internet Cable Spy Ship Appears Off Americas (Forbes) The Yantar is equipped with deep-diving submarines and remotely operated vehicles. The suspicion is that she is involved in placing listening devices on undersea communications.

Cyber-attack against KNPPP and ISRO: The threat comes home (ORF) It is now evident that both Kudankulam Nuclear Power Plant (KNPP) and the Indian Space Research Organisation (ISRO), were the target of a cyber-attack or it could simply be an act of cyber espionage that originated in North Korea.

Not only Kudankulam, ISRO, too, was alerted of cyber security breach (The Indian Express) The breach at the Kudankulam plant became public on October 28 after some of the plant’s data showed up on virustotal.com, an online malware scanning service.

‘We were warned of cyber attack’: ISRO confirms reports of malware attack (News Minute) According to reports, Indian Space Research Organisation was alerted about the potential cybersecurity attack during the Chandrayaan-2 lunar landing mission.

India's doomed moon mission 'was hacked by North Korea' (Mail Online) Cyber experts said the Indian Space Research Organisation was one of five government agencies to come under attack. Pictured: the launch of the Chandrayaan-2 moon mission.

Malware Attack on Administrative Systems at India’s Kudankulam Nuclear Power Plant Thought to Be Connected to North Korea (CPO Magazine) India's largest nuclear power plant was recently under malware attack on their administrative systems, which was isolated and prevented attackers from gaining access to the plant controls.

Cyber Command flags North Korean-linked hackers behind ongoing financial heists (CyberScoop) The Pentagon has once again called out North Korean hackers by exposing malware samples researchers say are linked to regime-backed financial heist.

U.S. Cyber Command Adds North Korean Malware Samples to VirusTotal (SecurityWeek) U.S. Cyber Command (USCYBERCOM) has added 11 malware samples to VirusTotal, all of which appear related to the notorious North Korean-linked threat group Lazarus.

US Cyber Command uploads new malware samples linked to North Korean state-backed financial heists (Computing) The samples include loaders, backdoors, and backdoor builders

WSJ News Exclusive | Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans (Wall Street Journal) Google is teaming with one of the country’s largest health-care systems on an ambitious project named “Project Nightingale” to collect and crunch detailed health information of millions of Americans across 21 states.

Glimpse malware uses alternative DNS to evade detection (SC Media) APT34 hacker group behind PowerShell-based malicious code

New Stealthy Backdoor Used by Platinum APT in Recent Attacks (BleepingComputer) The advanced persistent threat (APT) group tracked by Microsoft as Platinum is using a new stealthy backdoor malware dubbed Titanium to infiltrate and take control of their targets' systems.

Beware! World's Most Notorious Hacking Group Launches New Backdoor (Fossbytes) Platinum, the infamous Advanced Persistent Threat (APT) group has launched a new backdoor trojan named Titanium that has advanced capabilities of taking complete control over the target's PC. To evade security software, Titanium uses clever tricks like encryption, camouflaging as essential drivers, and delivering data steganographically in PNG images.

Platinum Cyberspies Use Sophisticated Backdoor in Attacks (SecurityWeek) A newly discovered backdoor associated with the Platinum APT has a long sequence of dropping, downloading and installing stages

New Buran ransomware-as-a-service tempts criminals with discount licenses (ZDNet) A new RaaS offering is attempting to undercut competitors to become established in the lucrative criminal space.

Buran Ransomware; the Evolution of VegaLocker (McAfee Blogs) McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other

Exposed: Private Amazon S3 bucket exposure (Sophos News) Even S3 buckets with “private” mode enabled are vulnerable to attack, make sure you secure the weak link.

Speeding MTTR when a third-party cloud service is attacked (Help Net Security) Optimal approaches to speed mean time to resolve (MTTR) minimize the impact of cloud-based service outages on your business.

Scandal of scammers on Google (Times) Google is making tens of millions of pounds from scammers who are using its search engine to lure savers to invest in high-risk or potentially fraudulent schemes, a Times investigation has revealed.

MegaCortex ransomware variant threatens data breach, alters credentials (SC Magazine) MegaCortex ransomware changes Windows passwords, threatens to publish stolen data if targets fail to pay

Here's How Scammers Tried to Dupe Trend Micro Customers (PCMAG) We speak to a Trend Micro customer who says she tried to warn the security vendor about a breach that was later revealed to have been carried out by a rogue employee. But 'I didn't think Trend Micro was treating it seriously,' she says.

DarkUniverse APT Stayed Hidden for 8 Years, Updated Regularly (National CSIRT-CY) Security researchers published technical details about malware used by a new threat actor that matches a signature in a scanner likely built by the U.S. National Security Agency and leaked more than two years ago.

Jarrett: How safe is the U.S. power grid? (Casper Star-Tribune Online) At any one time, the United States uses more than 400,000 megawatts of electricity. That’s a lot of power, and it takes a lot of nonstop work to keep it

Hackers Can Target LEADTOOLS Users With Malicious Image Files (SecurityWeek) Cisco Talos security researchers have discovered multiple vulnerabilities in the LEADTOOLS imaging toolkits that could lead to code execution on the victim system.

More BlueKeep Attacks Can Impact Vulnerable Windows Machines (Heimdal Security Blog) Microsoft believes that more BlueKeep attacks are around the corner and advises users to apply patches immediately.

Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash (Ars Technica) Metasploit module is being rewritten to fix incompatibility with 2018 Meltdown fixes.

BlueKeep Attacks Crash Systems Due to Meltdown Patch (SecurityWeek) The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to the Meltdown patch being installed.

Growing attacks using Accept-Charset exploit (Peerlyst) Juniper Threat Labs is seeing a growing attack on Accept-Charset HTTP Header. This request header allows the client to indicate what character sets, i.e., ISO-8859-1 or utf-8, are available for response.

Here's why LinkedIn is a 'gold mine' for foreign spies digging for corporate and government secrets (CNBC) LinkedIn is the biggest social media target for spies, according to current and former law enforcement officials.

10 Myths and Misconceptions About Industrial Espionage (Security Intelligence) Industrial espionage is real, it's common, and it can be very costly for your organization. Don't fall for the myths around this serious issue. Start preparing for the threat today.

Do you think you can recognize fake news on Facebook? (Help Net Security) Study participants wore a wireless EEG headset and were asked to read political news headlines in a Facebook feed and determine their credibility.

Sextortion Malware Evolves to Actually Record Target's Audio and Video (Computer Business Review) Security firm Proofpoint says it has seen early evidence of new sextortion malware that drops a dedicated "pornmodule" onto a target's computers.

That Match You Met Online May Not Be Human (KNX 1070) Steve Dean, an online dating consultant, says the person you just matched with on a dating app or site may not actually be a real person.

Scammers favor malicious URLs over attachments in email phishing attacks (The Next Web) Emails containing malicious URLs made up 88 percent of all messages with malicious URL and attachments, underscoring the dominance of URL-based email threats.

Phishing attacks are increasingly sophisticated: here’s how to stay safe (IT Security Guru) The days of crude phishing attacks, which anyone with a little common sense could avoid falling victim to, are a thing of the past. Today’s cybercriminals are

Phishing email creators rely on a short shelf life to beat your defences (CSO) Cybercriminals rely on rapid cycling of kit design, target URLs to avoid detection

PayPal becomes phisher's favorite brand, Office 365 phishing techniques evolve (Help Net Security) Cybercriminals have begun to shift their focus to the construction of the email, leveraging randomization techniques to break through defense layers.

Five emails you don’t want in your inbox (Digital Forensics) Phishing attacks are the most common form of cyber attack. Why? The simplicity of email gives cyber criminals an easy route in, allowing them to reach users directly with no defensive barriers, to mislead, harvest credentials and spread malicious elements.

The future of spam is scary (IT PRO) AI, deepfakes and other tech could make spotting spam tougher, but spam fighters are using the same tools to keep our inboxes clean

AI wordsmith too dangerous to be released… has been released (Naked Security) The text-generating AI has only been released in neutered forms until now, for fear it would be used to mass-produce fake news and spam.

Holiday Shopping, Phishing, and Malware Scams (CISA) As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions:

Hoster SmarterASP.NET Taken Down by Ransomware (Infosecurity Magazine) Over 440,000 customers may have been affected

Major ASP.NET hosting provider infected by ransomware (ZDNet) SmarterASP.NET, a company with more than 440,000 customers, said it's been hit by ransomware over the weekend.

Researchers Link Rise In Fatal Heart Attacks To Hospital Ransomware Attacks (HotHardware) A recent study determined that hospitals who had been hit by a cyber attack witnessed increased death rates among patients with heart issues

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin (KrebsOnSecurity) Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.

Data of ZoneAlarm Forum Users Leaked Following Breach (SecurityWeek) Check Point’s ZoneAlarm forum has been breached and the details of thousands of users have been leaked

Soldiers with top-secret clearances say they were forced to use an app that could endanger them (Washington Post) Soldiers in an Army intelligence unit inspected the terms of an app their commander ordered them to download. What they found could be compromising, soldiers said.

He Thought His Phone Was Secure; Then He Lost $24 Million to Hackers (Wall Street Journal) Security researchers agree that for most people, adding text-message authentication is a big step up from only using a password. But that can leave you open to a harmful, relatively new attack called SIM swapping.

Exclusive: Baseband attacks can spy on popular Android phones (TechCrunch) The vulnerabilities affect at least ten popular Android devices, including Google's Pixel 2 and Samsung's Galaxy S8+.

Spanish MSSP Targeted by BitPaymer Ransomware (McAfee Blogs) Initial Discovery This week the news hit that several companies in Spain were hit by a ransomware attack. Ransomware attacks themselves are not new but,

QuikSilver and Billabong Affected by Ransomware Attack (BleepingComputer) Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world.

Experts Comments On Billabong And Quiksilver Hit By Cyber Attack (Information Security Buzz) It has been reported that hackers have launched a cyber-attack on the Billabong and Quiksilver websites. Boardriders Inc, the US company which owns Quiksilver and Billabong – both founded in Australia – was targeted by international hackers two weeks ago. Customers are still reporting problems while using the company’s websites. The Californian-based company’s international operations, IT systems, communications, sales and …

Apple removes Instagram stalking app from App Store (CNET) The Like Patrol app promised to keep tabs on partners' activity on Instagram. Apple says the app violated its guidelines.

Another Facebook hoax: Robbers still throwing eggs at car windows? (Naked Security) Bandits? Egg hurling?! Up to 92.5% visibility obscured??!! Don’t share this turkey, but do let us know if you decide to test your wipers!

Las Cruces school district to scrub 30,000 computers after cyber attack (Las Cruces Sun-News) Las Cruces Public Schools Interim Superintendent Karen Trujillo presented some updates Thursday on the recent cyber attack that targeted the school district, prompting a shutdown of internet servers and devices across the…

City network system almost fully restored after cyber attack (North Eastern Tribune) The City of Joburg has experienced a few challenges on their online services since their networks were breached a few weeks ago.

Mexico's Pemex says operations normal after cyber attack (Reuters) Mexico's state oil firm Pemex said on Monday that attempted cyber attacks t...

Cyber attack could have been avoided: hospital (The Standard) 'It was a case of being lucky that it hadn't happened yet'

Your gift cards are a top target for scammers this holiday season (CNBC) Gift card fraud is becoming more and more common among financial scammers, according to security experts. While consumers are now primed to routinely check their credit card reports and statements for mysterious transactions, it isn't often the same for gift cards.

Security Patches, Mitigations, and Software Updates

Microsoft confirms BlueKeep campaign, reiterates call to patch (SC Magazine) Microsoft confirms ongoing BlueKeep exploit; teams up with security researchers who initially spotted the attack

BlueKeep freakout had little to no impact on patching, say experts (Register) Admins snoozing on patching despite reports of active attacks

Adobe fixes SDK weakness affecting mobile apps (Naked Security) Researchers noticed that the main app configuration file, ADBMobileConfig.json, contained settings that could lead to security problems.

Apple is fixing encrypted email on macOS because it’s not quite as encrypted as we thought (The Verge) Apple may have known for months

When Windows 7 Dies, Don't Rely on Microsoft to Keep Your PC Safe (PCMAG) Microsoft will probably deliver critical patches after it ends Windows 7 support in January 2020. But it's not guaranteed, so users and organizations should upgrade to Windows 10 now.

Cyber Trends

2019 Payment Security Report (Verizon Enterprise) Read the 2019 Payment Security Report from Verizon Enterprise Solutions, which covers the efficacy of PCI security standards & data on creating compliance programs.

Security Predictions Reports (FireEye) Our annual Security Predictions report offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year.

Data Breach QuickView Report 2019 Q3 Trends (Risk Based Security) Our QuickView Report is sourced from our product Cyber Risk Analytics® and has garnered media attention from publications such as Forbes and USA Today.

Identity Theft Email Attacks Rose In Third Quarter, Study Finds (MediaPost) While identity theft attacks rose, attacks from hijacked email accounts fell slightly, perhaps because criminal groups are gearing up, Agari reports.

Securing the mining industry as IT and OT systems converge (ITWeb) Digital transformation is disrupting every industry, and the mining sector is no exception, says Colin Blou, VP Global Sales for Claroty.

Amazon plans for a future where Alexa is everywhere – and runs our lives (The Telegraph) It’s the household device people love to hate.

Vulnerability Values Fluctuate Between White, Grey and Black Hats (Infosecurity Magazine) Varying amounts of money can be earned from an exploit broker, the dark web or from bug bounty programs

The Purple Tornado Releases DHS-Funded Report on Security of U.S. Voter Data Systems (PR Newswire) The Purple Tornado, a foresight and strategic intelligence consultancy that delivers thinktank research insights for corporate and government...

10 Statistics that Summarize the State of Cybersecurity in Financial Services (Bricata) Cybersecurity statistics show financial services organizations are 300 times more likely to be attacked, experience hundreds of thousands of security alerts, and invest an average of $2,300 per employee in cybersecurity.

Marketplace

This New Cybersecurity ETF Could Benefit From Good Timing (Nasdaq) Cybersecurity is a prominent theme for both corporations looking to guard against data breaches and hacks as well as investors looking to profit from the exponential increase in spending devoted to this technology.

All the moving parts of Xerox's proposed HP takeover (CRN) Tom Wright considers the factors at play in the possible merger of two tech titans

Webroot owner Carbonite to be acquired for US$1.4 billion (CRN Australia) Software provider OpenText makes bid.

Ernst & Young acquires Sydney cyber security specialist Aleron (ARN) Ernst & Young Australia has acquired Sydney-based cyber security company Aleron for an undisclosed sum.

Synopsys to Acquire Certain IP Assets from eSilicon (Synopsys) Acquisition Will Expand DesignWare IP Portfolio and Add a Team of Experienced R&D Engineers to Serve Growing AI and Cloud Markets

Aqua Security Expands into CSPM with the Acquisition of CloudSploit (Aqua) Aqua protects the largest cloud native environments; with CloudSploit customers can now continuously monitor and manage their cloud security posture.

Infoblox acquires SnapRoute to simplify networking and deliver services more efficiently (Help Net Security) Infoblox announced the acquisition of SnapRoute, the creator of the industry’s first Cloud-Native Network Operating System (CN-NOS).

CloudVector Advances State of API Threat Protection with Automated & Continuous Discovery (Yahoo) ArecaBay rebrands as CloudVector, appoints Ravi Khatod CEO, gains $5M funding; CloudVector discovers, monitors and secures APIs to prevent data breaches LOS ALTOS, Calif. , Nov. 12, 2019 /PRNewswire/ -- ...

AhnLab, EST Security eye defense ministry's anti-virus project (Korea Times) AhnLab and EST Security are moving to join the bid for the Ministry of National Defense's biannual project to construct anti-virus software for military internet servers, company officials and industry sources said Friday.

Booz Allen Secures $116M DOE Cybersecurity Support Contract; Mark Gamis Quoted (GovCon Wire) Booz Allen Hamilton (NYSE: BAH) will analyze potential risks and vulnerabilities in Department of En

Cyberspace operations contract for Navy won by Parsons (Military Embedded Systems) Parsons Corporation won its first task order under a potential Naval Information Warfare Center Pacific (NIWC Pacific) indefinite delivery/indefinite quantity, multiple award contract. The contract was originally announced by NIWC Pacific in May 2019.

Bugcrowd Paid Over $500K in Bug Bounties in One Week (BleepingComputer) Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago.

Maryland small businesses are incentivized to be cyber secure (The Southern Maryland Chronicle) By: Julie Miller, Open Maryland October is National Cybersecurity Awareness Month, and a great time for businesses of all sizes to

Please Stop Trying to Pay Me to Advertise Fake iOS Jailbreak Websites (Vice) An internet marketing firm asked me to promote a series of fake iOS jailbreak sites, including ones for jailbreaks that don't actually exist.

Ability Inc. Announces Receipt of Delisting Notification Letter From Nasdaq (West) Ability Inc. (NASDAQ: ABIL) (the “Company”), a leading provider of innovative tactical communications intelligence solutions, today announced that on November 6, 2019, it received a determination letter (the “Letter”) from The Nasdaq Stock Market LLC (“Nasdaq”) indicating that it did not comply with the Listing Rule 5550(b) (the “Equity Rule”) for continued listing on the Nasdaq Capital Market...

Products, Services, and Solutions

NSS Labs Announces 2019 Data Center Firewall / Security Gateway Group Test Results (NSS Labs, Inc.) Four of the industry’s leading data center deep inspection firewall products were tested to compare product capabilities for security effectiveness (exploit block rate, evasion techniques, and stability & reliability), total cost of ownership (TCO), and performance: Cisco, Fortinet, Juniper Networks, and Palo Alto Networks.

YouTube says it has ‘no obligation’ to host anyone’s video (The Verge) Other changes affect children’s content

Zurich Announces New Cyber Insurance for Manufacturing Industry (SecurityWeek) Swiss insurance company Zurich announces new cyber coverages for the manufacturing industry

Fortress Launches Innovative Collaboration To Help Protect The Power Grid From Cyber Threats (PR Newswire) Fortress Information Security (Fortress) today announced the launch of the Asset to Vendor Network for Power Utilities (A2V), a joint venture...

Accenture Launches Cyber Ranges for Industrial Companies (SecurityWeek) Consulting giant Accenture launches three cyber ranges designed to help industrial companies practice their cyberattack response plan

Vighter, LLC. Launches Cybersecurity Backed by Trust Lockdown™ (PR Newswire) Vighter is excited to announce the expansion of its service offerings to include cybersecurity backed by Trust Lockdown™. According to FBI...

Hillstone Networks' Microsegmentation Solution Gets a Big Upgrade with New Release of CloudHive (Yahoo) Hillstone Networks , a leading provider of Enterprise Security and Risk Management solutions, today released an upgrade to its microsegmentation solution ...

Unisys Announces new Automation Features (EnterpriseTalk) Unisys has announced two new automated features - Unisys Cloud Architecture Navigator and Cloud Compliance Director.

Bitdefender Delivers Innovations in Unified Endpoint Defense With Advances in Threat Prevention, Detection, Investigation and Response (PR Newswire) Bitdefender, a global cybersecurity leader protecting over 500 million systems across 150 countries, today announced new endpoint defense...

Accolade Technology Partners with Titan IC in Search Acceleration on FPGA-based SmartNICs and ATLAS Packet Conditioners (Titan IC) Titan IC provides hardware acceleration technologies for Deep packet inspection, pattern matching, string matching, content processing and text searching.

WatchGuard launches new ruggedised Wi-Fi access point (Security Brief) The WatchGuard AP327X is a new IP67-rated Wi-Fi access point (AP) with four N-Type connectors to support a variety of external antennas.

The Chertoff Group and Dragos Form Strategic Partnership to Help Industrial Organizations Improve Risk Mitigation, Threat Detection and Incident Response (BusinessWire) The Chertoff Group and Dragos, Inc. today announced the formation of a unique alliance that will provide a holistic approach to cybersecurity risk man

ZeroNorth Delivers New Platform Capabilities to Enable Developers and Drive Actionable Risk Intelligence (ZeroNorth) Risk-Based Vulnerability Orchestration Platform Enables Organizations to Better Manage Business Risk and Drive Security into DevOps

Siemplify Integrates MITRE ATT&CK Framework into Industry-Leading Security Operations Platform (Benzinga) Leading Independent SOAR Provider Enables Faster Investigations and Actionable Insights by Mapping with the Global Repository of Attacker Tools and Techniques NEW YORK (PRWEB)...

Virtusa Achieves HITRUST CSF® Certification to Manage Risk, Improve Security Posture, and Meet Compliance Requirements (West) Virtusa Corporation (NASDAQ GS:VRTU), a global provider of digital strategy, digital engineering, and IT services and solutions that help clients change and disrupt markets through innovation engineering, announced its Healthcare and Life Sciences practices have earned HITRUST CSF Certified status for information security by HITRUST on the following platforms: Active Directory, Endpoints, and Network Devices.

Image Protect Engages Top Digital Analytics Partner to Process Rapidly Growing Fotofy Image Library (Yahoo) via OTC PR WIRE -- Image Protect Inc. (IMTL) (imageprotect.com) (“Image Protect”, “IMTL”, or the “Company”), a global leader in the end-to-end copyright infringement sector, is excited to announce that the Company has officially engaged a leading

Technologies, Techniques, and Standards

Microsoft says it will follow California's digital privacy law in U.S. (Reuters) Microsoft Corp said in a blog post on Monday that it would honor California'...

How to Opt Out of the Sites That Sell Your Personal Data (Wired) It's much harder than it should be to get your name off of data broker and people-search sites, but it's possible.

Adobe’s Cyber Woes: How Leaders Can Create Security Resilience (Forbes) Last week, Adobe Inc. suffered a cyber breach wherein the email addresses of more than 7.5 million customers were exposed.

Teperik at NATO forum: resilience is about skills, mindset and attitudes (ICDS) ICDS Chief Executive Dmitri Teperik participated in the high-level panel discussion on “Investing in Resilience: the Power of Communication”, held in the framework of the NATO-Georgia Public Diplomacy Forum in Tbilisi, Georgia on 30-31 October 2019.

Believe the hype, but control the threat: Reducing the risk of ransomware (Help Net Security) Ransomware is becoming an epidemic for any collection of data. Each day the attacks seem to be getting larger and more lucrative for cybercriminals.

Sensors and Sensibility (Stranded on Pylos) The most frustrating type of bad argument to refute are those which feature or rest upon a kernel of truth. In the worst, most-annoying scenario, one must deal with a counterparty that simply reass…

Security in the cloud: Facts vs fiction (Computing) There are anything from 13 billion to 21 billion smart devices online today. These estimates were presented by different speakers at a recent Westminster eForum...

When is the right time to red team? (Help Net Security) Learn about managing red teaming. The team needs to be equipped with skills that will enable them to match what genuine black hats can muster.

Online voting is a really, really bad idea (Mother Jones) The consensus is in, but companies and states are still rushing ahead.

4 Principles That Helped a Former White House Official Make Cyber Security More Accessible (San Antonio Express-News) For the first time in history, the greatest threats to institutions and businesses alike are no longer physical.

Israel and US Prepare to Combat Hackers in Annual ‘Cyberdome’ Drill (Jewish Press) The Cyberdome exercise prepares for cyber-attacks from hackers threatening the national security of both countries.

Design and Innovation

How Facebook Gets the First Amendment Backward (Wired) The company’s fact-checking policy treats people who aren’t politicians as second-class citizens.

Instagram Will Test Hiding 'Likes' in the US Starting Next Week (Wired) Hiding like counts is just the latest step in Instagram’s quest to become the safest place on the internet.

Quantum Computing Holds Promise for Banks, Executives Say (Wall Street Journal) When quantum computing hits the market, the financial-services industry could be the first to benefit, a Goldman Sachs executive said at a quantum-computing panel event.

Should security shift from defence to containing attacks? (Computing) The risks of cyber attack are more than doubling every year. So should CIOs and CISOs rethink how they organise IT security, Nic Fearn asks.

Research and Development

Don’t Rush Quantum-Proof Encryption, Warns NSA Research Director (Nextgov.com) Quantum computers could crack the codes that secure the world’s digital information but racing to a solution could create more threats, according to Dr. Deborah Frincke.

IARPA Picks Raytheon BBN, Three Universities for Data Extraction Tech R&D Program (GovCon Wire) The Intelligence Advanced Research Projects Activity has chosen four teams led by a Raytheon (NYSE:

IP Technology Labs Awarded Patent Enabling Penetrative Connectivity through NATs, Firewalls, & Routers (Yahoo) IP Technology Labs®, the global leader of reliable remote access and secure IoT connectivity solutions, today announced that the United States Patent and Trademark Office has issued US Patent #10,469,444 covering traversal techniques for establishing direct data paths without outside configuration of

Academia

Texas A&M-Central Texas awarded $4.2M cybersecurity grant (KWTX) A Central Texas university received a $4.2 million grant to research and help reduce cyber attacks, officials announced Friday.

Tandon Students Organize World’s Largest Cyber Security Competition (Washington Square News) Against a sullen gray background, a Tandon School of Engineering gymnasium was packed with colorful balloons and tables of excited competitors with eyes glued to their laptops, prepared to compete in the world’s largest student-led cyber security contest: Tandon’s annual Cyber Security Awareness Wee

ANU to run 'cyber bootcamp' for ASEAN officials (iTnews) Funded by DFAT.

Legislation, Policy, and Regulation

Secure cyberspace to save civilisation (Times) A jargon jungle and alphabet soup await anyone navigating internet governance. The technology is baffling. So is the plethora of watchdogs, commissions and committees. But few things matter more.

China’s New Encryption Law Highlights Cryptography as a Strategic Priority (CPO Magazine) China recently passed an encryption law to regulate encryption in public and private sectors, and also set forth guidelines for how cryptography should be used to help safeguard national security.

Mideast envoys urged to win ‘war in cyberspace’ (Arab News) Diplomats faced with increasingly sophisticated cybersecurity challenges were urged to “work together in cyberspace” at a specialist workshop in Riyadh.

House Dems Deal Death Blow to Domestic NSA Phone Spying (The Daily Beast) Hill sources tell The Daily Beast that they won’t save a surveillance effort so abusive that the NSA shut it down.

Two years in, how has a new strategy changed cyber operations? (Fifth Domain) This is the story of how, in two short years, a new cybersecurity strategy has forced the national security community to rethink cyber operations and how

Opinion | It’s not up to Mark Zuckerberg to decide what news is legitimate (Washington Post) We don’t need Facebook to regulate American democracy. We need democracy to regulate Facebook.

A Framework for Election Vendor Oversight (Brennan Center for Justice) Private companies supply vital elements of America’s election infrastructure but face almost no regulation. Federal standards are needed to ensure its security.

Opinion | Don’t abolish political ads on social media. Stop microtargeting. (Washington Post) The microtargeting of political ads may be undermining the united character of our United States.

Administration Issues Plan for Notifying Public of Foreign Election Interference (Wall Street Journal) The Trump administration released a framework summary outlining when it intends to notify Congress, election officials and the public about foreign interference operations that target American elections, in an effort intended to ensure its process is applied consistently and without political considerations.

Feds release new processes of notifying public about foreign election interference (CBS News) The summary document said the U.S. Secret Service will be notified of "all activity" targeting major presidential and vice presidential candidates

Statement on Sen. Wyden's Letter (Blog @ Voatz) While we have not been contacted by Senator Wyden or his office directly, we welcome any and all additional security audits by the Department of Defense and NSA regarding our platform…

It Is About Time the Federal Communications Commission Fights Back Against China (The National Interest) Long overdue.

Air Force to require cybersecurity audits of commercial satellite communications providers (SpaceNews.com) The Infrastructure Asset Pre-Assessment (IA-Pre) program will be run by the Air Force Space Command’s commercial satellite communications office.

The fight over 5G foreshadows the Great Decoupling (C4ISRNET) Congress is eager to see the Pentagon abandon commercial technologies made abroad, citing security concerns. How soon industry can help that to happen, however, remains to be seen.

What Keeps NSA Cybersecurity Boss Anne Neuberger Up at Night (Wired) At WIRED25, the NSA's Anne Neuberger talked election security, low-orbit satellites, and weaponized autonomous drones.

Senator criticizes HHS for not investigating exposure of millions of medical images (TheHill) Sen. Mark Warner (D-Va.) on Friday criticized the Department of Health and Human Services (HHS) for not taking action after a September report revealed the exposure of the medical images and sensitive health data of millions of Americans.

U.S. National Guard ready for potentially devastating domestic cyberattack (Defence Blog) The U.S. National Guard has confirmed that it is ready to mobilize its cyberdefenses in case of a potentially devastating domestic attack. Every day the National Guard and other state agencies are p…

Litigation, Investigation, and Law Enforcement

Indian WhatsApp users ask government to explain ties with Israeli firm in privacy breach case (Reuters) A group of Indians including journalists and lawyers whose phones were hacked vi...

Chhattisgarh CM forms panel to probe WhatsApp privacy breach (Hindustan Times) Several rights activists, lawyers, and journalists on October 1 said that they had been identified as targets of phone hack aimed at snooping on them. It came a day after messaging services company WhatsApp went public with allegations against the NSO Group, which is known mostly as Pegasus, for having misused its platform to aid spying on around 1,400 people globally.

Pegasus: Targeted Activists, Lawyers Write Open Letter to Govt on Cyber Attack (The Wire) "Such widespread surveillance produces a chilling effect on the entire society and goes against every grain of our democratic tradition of a free exchange of ideas and expressions," the letter reads.

Spyware Maker NSO Promises Reform but Keeps Snooping (New York Times) Recent revelations in India show that the threat from the company’s spyware to activists and journalists isn’t limited to autocratic regimes.

WhatsApp groups in ‘admin only’ mode since Ayodhya verdict (The New Indian Express) Well before the landmark judgment, messages were doing the rounds on several WhatsApp groups, requesting users not to post any hate message or rumours.

FBI: Cybercrimes on the rise because of sophisticated scams (Washington Post) FBI agents are warning the public about cybercrime, with the numbers of victims and money stolen soaring in sophisticated scams

Twitter spy case highlights risks for big tech platforms (France 24)

Twitter Saudi hack: Ripple effect from Silicon Valley to Riyadh to Main Street (Fox Business) Saudi national and Twitter employee Ali Alzabarah allegedly accessed data of more than 6,000 users.

DOJ issues new warning to big tech: Data and privacy could be competition concerns (Washington Post) The Justice Department’s top antitrust official warned tech giants on Friday that amassing vast quantities of consumers’ data could create competition concerns in the eyes of federal regulators, marking the U.S. government’s latest shot across the bow at Silicon Valley and its size.

Leak of 4,000 Facebook documents heaps more trouble on internet giant (Naked Security) This week’s bold rebrand of Facebook to FACEBOOK can’t hide the growing sense that nobody is happy with the company right now.

Child Abusers Run Rampant as Tech Companies Look the Other Way (New York Times) Though platforms bar child sexual abuse imagery on the web, criminals are exploiting gaps. Victims are caught in a living nightmare, confronting images again and again.

Facebook failed to block child abuse videos after system glitch (The Telegraph) Facebook failed to stop child abuse footage from appearing on its website after a fault in the technology it uses to identify the videos.

Russian hacker to be extradited to U.S. from Israel, high court rules (NBC News) Alexei Burkov was arrested in 2015 while visiting Israel and is wanted in the United States on suspicion of cyber crimes.

IT services pro hacked former client’s email (Naked Security) An IT project manager has pleaded guilty to accessing the email account of a former client’s CEO, said reports this week.

Facebook and YouTube say they are removing content mentioning potential whistleblower's name (CNN) Facebook and YouTube said Friday that they were removing content that mentioned the potential name of the whistleblower whose complaint sparked an impeachment probe into President Trump.

Texas man accused of harassing family after teen's death (The Northern Virginia Daily) A Texas man who had an online relationship with a Linden teenager who committed suicide in 2018 has been federally indicted for allegedly harassing the family after the girl’s death.

Cyberhood watch: curtain twitchers become IT helpdesk for neighbours (The Telegraph) For decades Neighbourhood Watch has kept communities safe from local crimes such as thefts and burglaries.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Enfuse 2019 (Las Vegas, Nevada, USA, November 11 - 14, 2019) In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach, share and have fun while exploring...

Cybersecurity for Small Businesses (Hazelton, Pennsylvania, USA, November 13, 2019) During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security...

SecureWorld Seattle (Seattle, Washington, USA, November 13 - 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Time Machine 2019 (Austin, Texas, USA, November 13 - 14, 2019) At Time Machine, you will actively engage with real-world AI applications. Hear from leaders on the cutting edge of technology, government, industry, academia, and the arts, and uncover the roadmap for...

QuBit Cybersecurity Conference (Sofia, Bulgaria, November 14, 2019) QuBit is a Cybersecurity Community Event connecting the East and West and it is already the 6th year on the cybersecurity market in CEE region. Based on the success in Prague, QuBit expanded further and...
