November 20, 2019.
By the CyberWire staff
Louisiana continues its recovery from the ransomware attack it sustained Monday. Many services have been restored, but all seventy-nine of the state's Office of Motor Vehicle (OMV) locations remained closed throughout Tuesday, despite earlier estimates that they would reopen by midday. The delay is due to the fact that all of OMV's computers have to be reimaged, according to the Advocate. StateScoop says the attack involved the Ryuk ransomware. KPLC TV reports that the infestation originated with an "unauthorized download" on a state computer, which is no surprise at all.
Trustwave is tracking a spam campaign that uses a phony Windows update notification to distribute a malicious attachment that carries Cyborg ransomware. Cyborg, unfortunately, is easily used by anyone who gets a hold of the Cyborg Builder, which has been available on GitHub.
Hotel reservation company Gekko Group exposed terabytes of customer data in an unsecured Elasticsearch database, CNET reports.
Reuters has an account of the answers the US House Judiciary Committee has received so far in its antitrust inquiry into Big Tech. Facebook, Apple, Amazon, and Google were the companies that came under scrutiny.
Thomas Osadzinski, a computer science student at Chicago’s DePaul University, was arrested by the FBI and charged with writing code for ISIS. Specifically, according to ZDNet, he’s alleged to have been working on a Gentoo Linux distro intended to help the terrorist organization better handle its multimedia propaganda accounts. At least two of his online ISIS contacts turned out to be FBI, working undercover.
Today's issue includes events affecting Australia, Estonia, Isle of Man, Montenegro, New Zealand, Russia, Slovakia, Uganda, United Kingdom, United States.
Bring your own context.
How can you effectively test the security of an industrial environment without creating safety risks? "Purple-teaming" can be a more visible, collaborative process that retains many of the benefits of red-teaming.
"And that testing of the defensive people in real time is not what you get in purple-teaming. You do get that in red-teaming. But because you're moving it a little further over to the right and purple-teaming, you're getting much more collaboration and kind of education throughout the process versus what sometimes come off as a test – even though that's not always fair, there's a lot of red teams that do educate along the way. But hopefully that's kind of clear on the difference of, I'm going to emulate the threat, be adversarial, and we're going to test you, and you're gonna learn from that versus I'm going to think adversarial, show you what we could do, but we're going to handhold each other throughout this process and put a hyper-focus on the defense throughout it."
—Robert M. Lee, CEO and founder of Dragos, on the CyberWire Daily Podcast, 11.15.19.
The CyberWire's Caveat is up. In this week's episode, "Lessons learned from environmental legislation," Dave has a story about Google drawing the attention of HHS for gathering medical patient data. Ben shares news on the ability of the government to search your electronic devices at the border. Our guest is Bret Cohen, president and CEO from Tier 1 Cyber. He shares his insights on some of the parallels between data security and privacy laws and environmental legislation.
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Android Camera App Bug Lets Apps Record Video Without Permission (BleepingComputer) A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions.
Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder (Trustwave) Recently, fake Microsoft Windows Update emails were spammed. The email, claiming to be from Microsoft, contains just one sentence in its email body which starts with two capital letters. It directs the recipient’s attention to the attachment as the “latest critical update”.
Out of Season IRS Phishing Campaigns (Akamai) Over the past two months, Akamai’s threat research team has been closely monitoring a phishing campaign that impersonates the official Internal Revenue Service (IRS) website, and is requesting sensitive information, email addresses, and passwords.
Flexera FlexNet Publisher (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: FlexNet Publisher
Vulnerabilities: Improper Input Validation, Memory Corruption
2. RISK EVALUATION
These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution.
Why you shouldn’t print your boarding pass (NewsComAu) At a time when it seems like nothing online is safe – especially when it comes to travelling – an old-school, paper boarding pass might seem like the safest option.
Security Patches, Mitigations, and Software Updates
Graphcore and Microsoft announce new AI partnership (Business Leader) Bristol-based unicorn business Graphcore has announced a new partnership with global tech brand Microsoft, which will see the two companies work together on new artificial intelligence (AI) technologies.
Tanium taps the ‘cranium strain’ in security & IT Ops (Computer Weekly) We know that the software application development (Dev) function has been struggling for some years to overcome its previous disconnects with the operations (Ops) function. The coming together of ...
Australian Government Releases First Version of IoT Code of Practice (Analytics Insight) The government of Australia has released the first version of its IoT Code of Practice. This voluntary code is aimed at the IoT industry. It outlines 13 security principles that represent the standards for IoT devices that device manufacturers, IoT service providers, and application developers need to follow.
Commerce Gives Rural Telecoms More Time With Huawei (Yahoo News) The U.S. Commerce Department's Bureau of Industry and Security (BIS) on Nov. 18 extended a temporary general license 90 days to give mostly rural telecommunication services providers more time to continue their existing business deals with Huawei Technologies Co. Ltd.
India says law permits agencies to snoop on citizen’s devices (TechCrunch) The Indian government said on Tuesday that it is “empowered” to intercept, monitor, or decrypt any digital communication “generated, transmitted, received, or stored” on a citizen’s device in the country in the interest of national security or to maintain friendly relations with foreign state…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyberCon 2020 (Bismarck, North Dakota, USA, October 6 - 7, 2020) Our vision for this annual event is “to bring awareness of Cyber Security through collaboration and education” and for 2020, we will again focus on the critically important roles that both cyber security...
CyberCon 2019 (Anaheim, California, USA, November 19 - 20, 2019) CyberCon 2019 targets executives, leaders and decision makers from the power and utilities and cybersecurity industries, including CEOs, CFOs, COOs, CSOs and CISOs, as well as national security advisors,...
CyberCon (Anaheim, California, USA, November 19 - 21, 2019) CyberCon is a solutions-based cybersecurity conference connecting executives and decision makers in the power and utilities sector to cybersecurity experts and industry specific solutions. By attending,...
Infosecurity and ISACA North America Expo and Conference (New York, New York, USA, November 20 - 21, 2019) In November 2019, Infosecurity North America and ISACA will align in the field of security, cybersecurity and risk management to create an incredible experience for attendees in programming, solutions...
PCI SSC 2019 Asia-Pacific Community Meeting (Melbourne, Australia, November 20 - 21, 2019) The PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry...
Cyber Security X Atlanta (Atlanta, Georgia, USA, November 20 - 21, 2019) Cyber Security X Atlanta is part of the fastest growing cyber security event series, providing events that uniquely cover the entire security landscape. The event will offer invaluable security insight...