November 22, 2019.
By the CyberWire staff
Google security researchers revealed that the Russian threat actor Sandworm uploaded malicious apps to the Google Play Store in an attempt to infect Android devices with malware, WIRED says. Google tracked the campaign back from Russian attempts at false-flag operations against the 2018 Winter Olympics.
State-style information operations can find their way into click-bait commercial marketing, as a Nisos inquiry into a US news start-up and its employment of writers based in Macedonia suggests. Far left or far right, as long as concocted, inflammatory news stories drive traffic, it seems to be a win, the New York Times reports.
LinkedIn's first Moderation Report, issued yesterday, says that the business-focused social network booted some twenty-one million fake accounts last year, and the Telegraph wonders if the sock puppets were the work of spies. (If many of them weren't, then the world's intelligence services are asleep at the switch.)
Le Monde reports that the Rouen University Hospital-Charles Nicolle was attacked with ransomware on November 18th and is still working toward recovery. The BBC says the hospital has reverted to manual backups and refused to pay the ransom.
In India, the Parliamentary Standing Committee on Information Technology has opened an inquiry into the affair of the Pegasus infestation found in WhatsApp, the Business Standard reports.
Decipher points out that Internet sovereignty will do little to suppress cybercrime, but of course suppressing crime isn't really the point. To see a sovereign Internet in action, read WIRED's account of how sovereignty is being realized in Iran.
Today's issue includes events affecting Australia, Brazil, Canada, China, France, India, Iran, Democratic People's Republic of Korea, Macedonia, Qatar, Romania, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.
Bring your own context.
Older software, after it's passed its end-of-life, can move on to a kind of afterlife, where its shade often exists in industrial control systems. Windows 7 crossed the River Styx some time ago, but you can still find it in those virtual Elysian Fields. What should be done about this?
"A lot of times, people just kind of put their head in the sand. OK, so you've got a Windows machine; it's running Windows 7. There's potential for exploits, but you've got a business decision because you've got to run your business that you're going to let that potential sit there. Well, maybe you need to invest in some tools that monitor that machine at a higher level to make sure it's not being exploited. So there's things you can do, but the No. 1 thing is evaluate your situation."
—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily Podcast, 11.20.19.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams tells us about the Panda cryptominer. Our guest is Keenan Skelly from Circadence, on getting the younger generation excited about cyber. (Kids today....)
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Cyber Threat Assessment: Rise of the Rest (The Aspen Institute) One of the most pronounced trends in recent years is the democratization and spread of cyber capabilities—the rise and maturation of high-level threats from the developing world and …
US Cyber Command Calling Out North Korean Hackers (CPO Magazine) U.S. Cyber Command uploaded a total of 7 new malware samples used by North Korean hackers to draw attention to tactics used to steal state secrets, conduct corporate espionage and find backdoors into the nation’s critical infrastructure.
The new Phoenix Keylogger tries to stop more than 80 security products to avoid detection (Mash Viral) A new keylogger called Phoenix that began selling in piracy forums during the summer has now been linked to more than 10,000 infections, Cybereason researchers said in a report today. Released in July at HackForums, Phoenix Keylogger …
A Fake News Case Study (Nisos) The tools are inexpensive, anyone with a laptop and a social media account can be successful. The incentives are great, in both financial terms and as measured by outcomes.
Are LinkedIn's 21m fake accounts the work of spies? (The Telegraph) LinkedIn said that it removed more than 21m fake accounts in the first half of 2019, amid mounting evidence that the business-focused social network has become a battleground for duelling spies.
Holiday Shopping Exposes Web Security Risks (TALA Security) Modern website architecture creates opportunities for attackers. We have reviewed the top 1,000 websites and provide in our report our revealing insights, observations and data including how...
Bank of Hawaii warns customers of phishing scam (Honolulu Star-Advertiser) Bank of Hawaii issued a warning today of fraudulent telephone calls being made to customers and nonbank customers. The scammers are spoofing the bank’s real Bank of Hawaii Call Center number (1-888-643-3888), which appears on recipients’ Caller ID.
Robocall Scams Exist Because They Work—One Woman’s Story Shows How (Wall Street Journal) A caller impersonating an FBI agent persuaded Nina Belis to drain close to $340,000 from her bank accounts. He made use of new technology, psychological tricks and a knowledge of the banking system, and experts say the threats are proliferating.
Security Patches, Mitigations, and Software Updates
Magento Urges Users to Apply Security Update for RCE Bug (BleepingComputer) Magento's security team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability.
Why BlackBerry Should Make A Bid On MobileIron (Seeking Alpha) BlackBerry’s ESS business needs a boost. Cylance integration and Spark will probably serve the company well. MobileIron could fast track the process and provide BlackBerry with thousands of new clients, positive free cash flow and valuable IP. The recent drop in MobileIron’s stock price could be the right opportunity. The company is now fairly valued.
Darktrace triples Chicago footprint with 10,290-SF lease (RE Journals) CBRE recently represented Darktrace, a leading cyber AI defense firm, in a 10,293-square-foot lease at 333 N. Michigan Avenue in Chicago. The move marks a significant expansion for the company, which opened its Chicago office in 2018 with just 2,858 square feet in the building. Darktrace will now occupy a full floor at the property beginning in the second quarter of next year.
Verisk Launches New Home Inspection Customer Collaboration Tool, OneXperience (Yahoo) Verisk (VRSK), a leading data analytics provider, announced today the launch of OneXperience™, a new InsurTech solution that enables digital engagement between policyholders and their insurers during a critical underwriting step—the home inspection. Traditional home inspections, conducted after coverage
CISA Invests in Cutting-Edge Election Security Auditing Tool Ahead of 2020 Elections (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) is teaming up with election officials and their private sector partners to develop and pilot an open source post-election auditing tool ahead of the 2020 elections. The tool is being created by VotingWorks, a non-partisan, non-profit organization dedicated to building secure election technology.
A Sovereign Internet Will Not Combat Cybercrime (Decipher) The United Nations General Assembly will vote on a Russia- and China-backed resolution that claims to give governments tools to fight cybercrime. What it will actually do if it becomes a treaty, is allow governments to establish a sovereign Internet where they have full control of their country’s Internet and monitor all activities.
Virginia Approves 2020 Election Cybersecurity Standards (Government Technology) This year, the General Assembly passed HB 2178, calling for new, modern cybersecurity standards that must be met throughout the state before systems are allowed to access Virginia's election database.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
InfoSec Connect 2020 (San Diego, California, USA, March 15 - 17, 2020) InfoSec Connect is a high profile, interactive meeting of senior-level cybersecurity leaders from top credit unions, US banks, insurances, and financial services companies. It’s a forum built to share...
ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...
WSJ Pro Cybersecurity Executive Forum (New York, New York, USA, December 3, 2019) Cybersecurity risks are rapidly changing, so this year’s forum and masterclasses have been redesigned to focus on timely topics including: lessons from the most recent major hacks, what and how to report...
International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...
Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.
Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...