Reduce fraud, minimize the attack surface and save millions of dollars.
Let Resecurity collaborate across your vulnerability and risk, threat intelligence, penetration testing and broader security teams to quickly reduce fraud, minimize the attack surface and shut down ongoing attacks, ultimately saving your company millions of dollars. We constantly research the latest techniques and tradecrafts of cybercriminals and nation-state actors, and analyze massive amounts of data in order to stay ahead of the bad actors.
November 25, 2019.
By the CyberWire staff
A leak (obtained by the ICIJ) and a defection (reported by the Times and others) appear respectively to shed light on China's repression of its Uighur minority and on the country's espionage operations.
Qihoo 360 says it's detected a major cyber surveillance campaign against targets in Kazakhstan. Qihoo calls the group "Golden Falcon"; Kaspersky tells ZDNet that they think this is the APT previously tracked as DustSquad. Neither company offers any attribution beyond that, but they say the group appears to be Russian speaking. In itself that means little: there's no shortage of Russian speakers in Kazakhstan.
Very large data leaks from exposed servers have compromised a total of about 1.2 billion records, some four terabytes of personal data. Data Viper suggests that People Data Labs and OxyData, two data aggregation and enrichment shops, were the source of the exposure. The data include home and cellphone numbers, email addresses, social media profiles (Facebook, Twitter, LinkedIn, and GitHub), and work histories (apparently from LinkedIn). About 50 million unique phone numbers and 622 million unique email addresses were exposed, but no passwords, Social Security Numbers, or paycard information.
Citing national security concerns surrounding 5G networks, the US Federal Communications Commission has prohibited using Universal Service Funds to purchase Huawei or ZTE equipment.
Russia's Duma has banned devices that don't come with certain preloaded Russian software, Computing reports.
Louisiana's recovery from the Ryuk ransomware that afflicted state government systems is proving more protracted than officials had hoped: Governor Edwards on Friday declared a state of emergency.
Today's issue includes events affecting Australia, Canada, China, Estonia, France, Ghana, Iran, Kazakhstan, New Zealand, Nigeria, Spain, Russia, South Africa, Ukraine, United Kingdom, United States, and Venezuela.
Bring your own context.
Cryptomining is probably not going to make you rich enough to retire to Chappaqua, or Mar-a-Lago, or even a nice yacht somewhere in the Black Sea, and yet cryptojacking persists. Why is this?
"The reason malware authors turn towards cryptomining is because, unlike ransomware or other profitable means, it's relatively easy to get away with, right? Most people are never going to know if a cryptominer has been installed in their network. And because there's no damages, law enforcement is not going to put it anywhere near the top of their priority list. I mean, if you think about it - right? - what's the actual damage caused to most networks from cryptomining? Well, it's going to be processor usage, some - I guess you could argue power consumption. That's really hard to assign a number to. And without that number, law enforcement [agencies] are really going to turn a blind eye to it. So from an adversary's perspective, cryptomining - basically significantly less risk, no damages, so not really furious victims coming after you, and it's going to be a slow, steady and consistent payout. And because no one knows that they're infected, well, it's going to keep paying out for the foreseeable future."
—Craig Williams, head of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 11.22.19.
Like a stable dividend-paying stock in your 401k, only, like, also illegal.
Executives are the backdoor into your organization. Who’s patching that?
Every day, companies are under cyberattack and the personal lives of executives are a weak spot. For too long corporate teams have been unable to protect the executives in their personal lives due to privacy laws/implications and SEC impacts. BlackCloak provides a Concierge Cybersecurity™ solution for these evolving threats and offers a customized cloak of protection to protect corporate executives in their personal lives. Enlist BlackCloak for your executive cyber protection.
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Senior-level executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited; secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 EMEA (London, United Kingdom, December 3 - 4, 2019) Join us at NXTWORK 2019 in London to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, breakout sessions, as well as various opportunities for certification testing and training.
Extensive hacking operation discovered in Kazakhstan (ZDNet) Researchers say an advanced hacking group has been using custom-developed hacking tools, expensive surveillance kits, mobile malware, and radio communications interception hardware to spy on Kazakhstan targets.
Forensic Acquisition of Apple TV with checkra1n Jailbreak (ElcomSoft blog) Are you excited about the new checkm8 exploit? If you haven't heard of this major development in the world of iOS jailbreaks, I would recommend reading the Technical analysis of the checkm8 exploit article, as well as Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer. The…
BlueKeep Threat Situation Overview: Low Levels of Attacks, Maintain Watchfulness (Proofpoint US) In May 2019, Microsoft released security updates for CVE-2019-0708, an unauthenticated, SYSTEM-level, network-based remote code execution (RCE) vulnerability. This vulnerability has been widely dubbed “BlueKeep”. This blog provides background on the vulnerability and an update on the threat landscape based on analysis by the Proofpoint Threat Insight Team.
Allied Universal Breached by Maze Ransomware, Stolen Data Leaked (BleepingComputer) After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made.
Ransomware Attackers Leak Stolen Data (BankInfo Security) Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom. Security experts…
Advisory: Squid Multiple High-risk Vulnerability (NSFOCUS, Inc.) Vulnerability Description: On November 5, local time, Squid officially released a security bulletin to fix multiple vulnerabilities, including a high-risk buffer overflow vulnerability that could lead to code execution (CVE-2019-12526), an information disclosure vulnerability (CVE-2019-18679) and an HTTP request splitting problem (CVE-2019-18678). Squid is a popular open source Internet proxy and web caching application. It can …
Gov. Edwards declares State of Emergency following cyber attack (KATC) Gov. John Bel Edwards on Friday declared a State of Emergency following a cybersecurity incident that affected state servers this week, allowing several agencies to take actions, including waiving fees and fines, to assist members of the public.
Thwarting hackers (Uvalde Leader-News) Commissioners hear of cybersecurity efforts. Julye Keeble, staff writer. “Eighty percent of hacking-related breaches are from stolen passwords. If you think about it, how many passwords do you have that are probably pretty similar to each other,” said sales engineer Lydia McCloskey with HTS Voice and Data Systems. “And 85 percent of businesses with less …
More than 1 million T-Mobile customers exposed by breach (TechCrunch) T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack. The company…
OnePlus Exposed Customer Order Information in Data Breach (BleepingComputer) Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information, including names, contact numbers, emails, and shipping addresses, being accessed by a third party without authorization.
Vulnerability QuickView 2019 Q3 Trends (Risk Based Security) Our QuickView Report is sourced from our product VulnDB® and has garnered media attention from publications such as TechRepublic and Help Net Security.
Darktrace Begins Preparations as Public Company, Nears CFO Hire (Yahoo) (Bloomberg) -- Darktrace Ltd. is close to naming a chief financial officer as the U.K. cybersecurity unicorn sets itself up to be run like a public company. The firm hasn’t made a decision about whether to hold an initial public offering, co-chief executive officer Poppy Gustafsson said in an interview…
A10 Hires New CEO, No Word on Potential Sale (SDX Central) Almost four months after announcing that its CEO and President Lee Chen was on his way out, A10 Networks said it selected Dhrupad Trivedi to lead the company, effective Dec. 2.
Verizon Business throws a zero trust lasso around its private IP networks (FierceTelecom) Verizon Business is shielding its private IP networks by embedding a software-defined perimeter service to create a zero trust architecture. Verizon's zero trust technology blocks connectivity to servers and applications from unknown devices, which makes corporate data virtually invisible to anyone that doesn't have approved access.
Technologies, Techniques, and Standards
Safeguarding SCADA Systems (Water & Wastes Digest) Supervisory control and data acquisition (SCADA) systems are an integral factor for operating any modern water collection, treatment or distribution operation. SCADA systems may consist of a few local controllers and operator interfaces or may be far more complex configurations that include networking, radio telemetry,…
Bug Bounties Alone Won't Make You Secure (Forbes) With both Apple and Google each offering one million dollars for bugs, Katie Moussouris, CEO of Luta Security, thinks things may have gotten a little out of hand.
Utilities Targeted in Cyberattacks Identified (Wall Street Journal) More than a dozen U.S. utilities that were targets in a recent wave of cyberattacks have been identified by The Wall Street Journal. Some of the utilities are strategically located near dams, locks and other critical infrastructure.
Russian cyber firm hounded in US helped NSA bust 50TB data breach – report (Stock Daily Dish) Kaspersky Lab may be portrayed by the US media as an extension of the Russian government using its antivirus software to snoop on gullible Americans, but in 2016 it helped the NSA to bust a massive security breach.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...
WSJ Pro Cybersecurity Executive Forum (New York, New York, USA, December 3, 2019) Cybersecurity risks are rapidly changing, so this year’s forum and masterclasses have been redesigned to focus on timely topics including: lessons from the most recent major hacks, what and how to report...
International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo, showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...
Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.
Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...