Reduce fraud, minimize the attack surface and save millions of dollars.
Let Resecurity collaborate across your vulnerability and risk, threat intelligence, penetration testing and broader security teams to quickly reduce fraud, minimize the attack surface and shut down ongoing attacks, ultimately saving your company millions of dollars. We constantly research the latest techniques and tradecrafts of cybercriminals and nation-state actors, and analyze massive amounts of data in order to stay ahead of the bad actors.
November 27, 2019.
By the CyberWire staff
RiskIQ offers an updated warning about a recently discovered cybercriminal outfit they've called "Full(z) House." The gang operates in two ways: credential and private information phishing, and then skimming or phishing paycards during e-commerce checkouts. Their goal is fullz: paycard information plus extensive associated PII.
Phishing is a common nation-state tactic as well. Google, which tracks more than two-hundred-seventy government-run groups operating on behalf of about fifty countries, reports that between July and September it issued more than twelve-thousand warnings to victims in one-hundred-forty-nine countries, as close to everywhere as makes little difference. Google notes that this is about the same warning rate, give or take ten percent, they observed during the same period in 2017 and 2018.
ESET has found a cryptojacking campaign that operates through YouTube videos' descriptive texts. The operators behind the Stantinko botnet have added some Monero-mining functionality to their malware.
BleepingComputer offers an account of a new strain of ransomware, "DeathRansom," that's upped its game. The earlier infestations researchers observed didn't actually encrypt the victims' data at all, but merely appended a .wctc extension to affected files. DeathRansom last week began encrypting the files. Researchers see a possible connection, at least in terms of infection vectors, to STOP ransomware.
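A triage helper for the renamed-versus-encrypted distinction above, added here as an illustration and not part of the CyberWire or BleepingComputer reporting. The sample file contents are constructed, and the 7.5 bits-per-byte threshold and the list of document headers are assumptions; a file that still starts with a known header is treated as intact even when its body is high-entropy (zip-based Office files, PDF streams).

```python
import math
import random
from collections import Counter

# Extension the page reports DeathRansom appending to affected files.
SUSPECT_EXT = ".wctc"

# Headers of common document formats (assumed list). A file that still starts
# with one was renamed but not encrypted, even if its body is high-entropy.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\xd0\xcf\x11\xe0")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, well below for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, threshold: float = 7.5) -> str:
    """'renamed-only' if the original content is still present, else 'encrypted'."""
    if data.startswith(KNOWN_MAGIC):
        return "renamed-only"
    return "encrypted" if shannon_entropy(data) >= threshold else "renamed-only"


def triage(files: dict) -> dict:
    """Classify every file carrying the suspect extension; others are skipped."""
    return {name: classify(body) for name, body in files.items()
            if name.lower().endswith(SUSPECT_EXT)}


# Constructed sample files (hypothetical), not artefacts from any real case.
_rng = random.Random(1)
SAMPLES = {
    "report.docx.wctc": b"PK\x03\x04" + _rng.randbytes(4000),         # zip container, intact
    "notes.txt.wctc": b"quarterly numbers, see attached sheet\n" * 100,  # plain text, intact
    "budget.xlsx.wctc": _rng.randbytes(4096),                          # no header, uniform bytes
    "readme.txt": b"unaffected file\n",                                # wrong extension, ignored
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A "renamed-only" verdict means the data can be recovered by stripping the extension; "encrypted" means the file needs a decryptor or a backup.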
Microsoft reflects on lessons learned from a year tracking the polymorphic Dexphot threat. In sum, ordinary threats are showing increased sophistication.
Following the direction provided this spring by Executive Order 13873, the US Commerce Department has proposed rules for securing the IT and communications supply chain.
Today's issue includes events affecting Australia, Belarus, Canada, Central African Republic, China, Germany, Indonesia, Israel, Kazakhstan, Madagascar, Qatar, Russia, Saudi Arabia, South Africa, Sudan, Ukraine, United Kingdom, United States.
Bring your own context.
Mustang Panda is a threat group with some pretty specific interests.
"A group is specifically interested in collecting intelligence from the neighboring countries or the countries involved in the Belt and Road Initiative. So at the time of research, most of the C2 servers were actually down, so we were not able to reach out to the C2 or we were not able to find what exactly it is trying to exfiltrate from the victim, because all the activity that the malicious shortcut file does is it installs the first-stage payload, and it's going to retrieve the second-level payload from the C2 server. So once the victim receives the second-level payload, it is going to perform the next set of activities. Be wary about the emails that you are opening, because the most common infection vector is the email."
—Anomali security researcher Parthiban, on the CyberWire's Research Saturday, 11.23.19.
So if you're around the Belt and Road Initiative, you may not be interested in Mustang Panda, but Mustang Panda may well be interested in you.
And a quick note to our readers: we'll be observing the long Thanksgiving holiday tomorrow, Friday, and Saturday. We'll be back as usual on Monday, December 2nd. In the meantime, a happy Thanksgiving to all.
Executives are the backdoor into your organization. Who’s patching that?
Every day, companies are under cyberattack and the personal lives of executives are a weak spot. For too long corporate teams have been unable to protect the executives in their personal lives due to privacy laws/implications and SEC impacts. BlackCloak provides a Concierge Cybersecurity™ solution for these evolving threats and offers a customized cloak of protection to protect corporate executives in their personal lives. Enlist BlackCloak for your executive cyber protection.
The CyberWire's Caveat podcast is also up. In this episode, "Compliance, regulation and small businesses," Dave wonders if a case involving a GPS tracker has drifted toward absurdity. Ben reviews a Pew survey on attitudes toward privacy. Our guest is Aleksandr Yampolskiy from Security Scorecard. He shares his thoughts on privacy legislation and the crypto wars.
And Recorded Future's latest podcast, produced in partnership with the CyberWire, is out, too. In this episode, "From Infamous Myspace Wormer to Open Source Advocate," they hear from Samy Kamkar, who wrote the Samy worm that afflicted MySpace. He was eventually sentenced to probation, community service, and a hefty fine, but since then, he's worked on security research, with a specific focus on open source software. They caught up with Samy at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C., where he was delivering one of the keynotes.
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 EMEA (London, United Kingdom, December 3 - 4, 2019) Join us at NXTWORK 2019 in London to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, breakout sessions, as well as various opportunities for certification testing and training.
Insights from one year of tracking a polymorphic threat (Microsoft Security) We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
DDoS: An Underestimated Threat (Dark Reading) Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
ABB Relion 650 and 670 Series (CISA) Executive summary: CVSS v3 5.3. Attention: exploitable remotely/low skill level to exploit. Equipment: Relion 650 and 670 Series. Vulnerability: Improper Input Validation. Risk evaluation: successful exploitation of this vulnerability may allow an attacker to reboot the device, causing a denial of service.
ABB Relion 670 Series (CISA) Executive summary: CVSS v3 10.0. Attention: exploitable remotely/low skill level to exploit. Equipment: Relion 670 Series. Vulnerability: Path Traversal. Risk evaluation: successful exploitation of this vulnerability may allow an attacker to read and delete files on the device.
Snapshot: Top 25 Most Dangerous Software Errors (Department of Homeland Security) The Common Weakness Enumeration (CWE) list of the 25 most dangerous software errors is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software.
Additional OMV offices reopening across Louisiana after cyber attack (KSLA) Louisiana State Police identified eight Louisiana Office of Motor Vehicles (OMV) locations across the state which will reopen Monday, Nov. 24 after an issue indirectly linked to a cyber attack that crippled state government Monday, Nov. 18 led to extended closures at locations statewide.
DiBella's sub shops hit with cyberattack (Times Union) Customers of DiBella's Subs, including shops in the Capital Region, are being urged to check their credit and debit card bills after the company was hit with what authorities said was a highly sophisticated cyberattack carried out between March 22 and Dec. 28, 2018.
Security Patches, Mitigations, and Software Updates
Tripwire on Twitter (Twitter) “Black Friday and Cyber Monday are around the corner. Do you think that there is enough awareness amongst the general public of the potential cybersecurity threats they face?”
UK Cyber-security skills gap ‘at breaking point’ (Netimperative - latest digital marketing news) A new, in-depth piece of research conducted amongst UK CIOs and senior IT professionals has revealed that the cybersecurity skills gap has reached a crisis point.
Xerox turns to HP shareholders in takeover proposal (Silicon Valley Business Journal) Xerox said it would take its proposal for a $33bn takeover of HP directly to the personal computer maker’s shareholders, escalating hostilities between the two companies.
Trend Micro Leads the Industry in Hybrid Cloud Security Market Share (Trend Micro Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced it has been named by IDC as the #1 vendor in Software-Defined Compute (SDC) workload protection, according to the analyst firm’s new independent report: Worldwide Software Defined Compute Workload Security Market Sh
Google’s tensions with employees reach a breaking point (KFOR.com) For years, Google was seen as the gold standard of office life. The company pushed workplace culture to new frontiers with enviable benefits such as free meals, office slides, onsite childcare and an emphasis on transparency. But Google is quickly developing a very different reputation as it confronts a mounting backlash from its own employees.
Xiologix appoints Brian Page as CTO (Help Net Security) Xiologix is excited to announce that Brian Page has joined the team as the new Chief Technology Officer (CTO), bringing over 20 years of experience.
CUJO AI Announces Appointment of Kimmo Kasslin as VP of Labs (Yahoo) CUJO AI, a cybersecurity and network intelligence software provider for network operators, announced today that cybersecurity expert Kimmo Kasslin joined the CUJO AI team and has been appointed vice president to lead CUJO AI Laboratories operations, ensure smooth and efficient processes, and further
Why incident response is not limited to IT security matters (Manila Standard) Almost half (46%) of enterprises worldwide experienced at least one data breach in 2018, with victims including such well-known names as Marriott International and British Airways. That means there is a high chance for any enterprise to fall victim to an incident. With this in mind, companies are focusing not only on preventing breaches, but also preparing the methods to limit the impact when it happens.
Look Out For Business Email Compromises (Information Security Buzz) Phishing has emerged as one of the most dangerous types of security threats for businesses, with phishing attacks growing in the second quarter of this year, especially against software-as-a-service and webmail services. That’s according to a recent report by the Anti-Phishing Working Group (APWG), a nonprofit industry association that fights phishing, crimeware and e-mail spoofing. …
Why I Hate Software Upgrades (Checkmarx) The application security testing world is made up of various different solutions, all with one ultimate aim – to protect software from hackers and attacks.
GSM Traffic and Encryption: A5/1 Stream Cipher (Black Hills Information Security) Raymond Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Some useful terminology: Mobile Phone Related: MS mobile …
How to Use CCAT: An Analysis Tool for Cisco Configuration Files (Black Hills Information Security) Kayla Mackiewicz // Last year, fellow tester Jordan Drysdale wrote a blog post about Cisco’s Smart Install feature. His blog post can be found here. If this feature is enabled on a Cisco device, an attacker can download or upload a config file and even execute commands. Whether you use the Smart Install feature or …
Rainy Day Windows Command Research Results (Black Hills Information Security) Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we have learned that Microsoft has some very interesting gems hiding in plain sight. Seriously, Microsoft seems to be making a concerted effort to add some …
What's Changed in Recon-ng 5.x (Black Hills Information Security) Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for common commands and mapping of some old syntax to the new syntax. If you’re at all like me, you’ll assume that what you know from …
Meet IARPA’s new director (C4ISRNET) The agency's new director replaces Stacey Dixon, who left the agency over the summer to become the new deputy director of the National Geospatial-Intelligence Agency.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
WSJ Pro Cybersecurity Executive Forum (New York, New York, USA, December 3, 2019) Cybersecurity risks are rapidly changing, so this year’s forum and masterclasses have been redesigned to focus on timely topics including: lessons from the most recent major hacks, what and how to report...
International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo, showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...
Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.
Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
CISO Leadership Forum (Austin, Texas, USA, December 4 - 5, 2019) Forget the typical conference, which may or may not focus on the latest industry buzz, vendor specific pitches or trendy new development. Our learning sessions are vendor agnostic only as we focus on peer-to-peer...