
More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

Netskope warns that the Adwind RAT, a remote access Trojan that’s hitherto been seen operated mostly against retail and hospitality targets, is being actively used in a campaign against the US oil industry. 

FireEye is tracking a renewed FakeUpdates criminal campaign (“financially motivated,” as FireEye primly describes it). The victim is told they’re running an obsolete version of their browser and given a bogus update link, which in the current campaign installs Bitpaymer or Doppelpaymer ransomware.

Ransomware is clearly more than a nuisance, as FireEye observes. Computing reports that hospitals in both the US and Australia have been forced to delay elective surgery and otherwise turn patients away because of infestations in their systems.

Cisco's Talos group finds that criminals are looking into the possibility of using maliciously crafted ODT files in an attempt to bypass detection by commonly used security programs. The current campaign is still small, but it has used ODT files to distribute RevengeRAT and njRAT payloads.

Researchers at Confiant warn that the eGobbler malvertising gang has used obscure browser exploits to infect more than a billion ads.

The Checkm8 iOS “forever day” exploit seems of interest mostly to security researchers, but probably won’t have much effect on users. MobileIron offers perspective on Checkm8, and WIRED sums up the state of opinion.

Comparitech reports finding personal information on some twenty-million Russian taxpayers exposed online in an unprotected Elasticsearch cluster hosted on an Amazon cloud. The exposed data include basically the whole shebang: names, addresses, passport numbers, tax IDs....

Notes.

Today's issue includes events affecting Australia, Bahrain, Canada, China, Denmark, Qatar, Russia, Saudi Arabia, Singapore, United Arab Emirates, United States.

Bring your own context.

Criminals are behaving more like nation-states.

"Cybercriminals are adapting and working together, diversifying their strategies and looking more like states. So despite the high-profile, law-enforcement actions that we've seen against criminal communities and syndicates in 2018, the ability of threat factors to remain operational shows an increase in maturity and resilience of criminal networks. This has been noticed in 2019."

— Malek Ben Salem, senior R&D manager for security at Accenture Labs, on the CyberWire Daily Podcast, 9.30.19.

Set a better example, nation-states?

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

In today's Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about that California town's implementation of a robot police patrol unit. Our guest is Daniel Garrie from Law & Forensics, discussing eDiscovery.

And Recorded Future's latest podcast is up. In this episode, "Disinformation for Sale," produced in partnership with the CyberWire, Recorded Future engages with threat actors in Russian-speaking underground fora, and they learn something new about disinformation-as-a-service.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

eGobbler Malvertiser Uses WebKit Exploit to Infect Over 1 Billion Ads (BleepingComputer) Roughly 1.16 billion ad impressions have been hijacked in a malvertising campaign operated by a threat group dubbed eGobbler to redirect potential victims to malicious payloads, between August 1 and September 23.

Under-Detected ODT Files Deliver Common Remote Access Trojans (BleepingComputer) Security researchers noticed multiple cybercriminal operations using OpenDocument Text (ODT) files to distribute malware that is typically blocked by antivirus engines. The campaigns target English and Arabic-speaking users.

Disinformation for Hire: Russian PR Firms Co-Opt Western Media, Tech Firms (Fortune) Welcome to the next phase of propaganda.

Twenty million Russians have their tax records exposed online (Computing) Names, addresses, passport numbers, Tax IDs - the whole lot - exposed on unsecured, unencrypted Elasticsearch cluster

FakeUpdates hackers are back to spread ransomware (SC Magazine) Hackers have restarted a campaign to spread ransomware in a bid to extort millions of pounds from victims with Dridex and NetSupport used to drop BitPaymer or DoppelPaymer ransomware

FBI is investigating alleged hacking attempt into mobile voting app (CNN) The FBI is investigating after someone allegedly tried to hack into West Virginia's mobile voting app during the 2018 midterm elections.

New Bug Found in NSA’s Ghidra Tool (Threatpost) Flaw in National Security Agency's Ghidra reverse-engineering tools allows hackers to execute code in vulnerable systems.

New Exim Vulnerability Exposes Servers to DoS Attacks, RCE Risks (BleepingComputer) A new critical vulnerability in the Exim mail transfer agent (MTA) software was patched to prevent denial of service (DoS) or possibly remote code execution attacks.

New Adwind Campaign targets US Petroleum Industry (Netskope) A new campaign spreading the Adwind RAT has been seen in the wild, specifically targeting the petroleum industry in the US. The samples are relatively new and implement multi-layer obfuscation to try to evade detection. We found multiple RAT samples hosted on the serving domain and spread across multiple directories, all hosted within the last …

Checkm8 Apple iOS Forever Day Exploit Explained (MobileIron) checkm8 revealed an Apple iOS device vulnerability called Forever Day Exploit. Learn more about this iPhone exploit & how MobileIron UEM defends against it.

The iOS Checkm8 jailbreak is hugely significant, but not for you (WIRED UK) A hacker has revealed an iOS exploit that's unpatchable and could impact millions of iOS devices. But, it's 2019. A jailbreak is only really useful for security researchers

Armis Discovers Expanded Reach of URGENT/11 That Highlights Risk to Medical Devices (PR Newswire) Armis, the leading enterprise IoT security company, announced today the discovery that URGENT/11 impacts...

Inadequate Patch in Hewlett Packard Enterprise iMC 7.3 E0703 (Medium) On March 20, 2019, we released a research advisory detailing two vulnerabilities in HPE iMC 7.3 E0605P06 that could reward a remote, unauthenticated attacker with admin access.

OYO Security Flaw Leaves Customer Data, Phone Numbers Unprotected (Inc42 Media) Budget lodging chain OYO comes under the ambit of privacy breaches due to a flaw in its security system that left customer data unprotected.

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping (Help Net Security) Cequence Security’s CQ Prime Threat Research Team discovered a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially

Yokogawa Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Yokogawa Equipment: Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute malicious files.

Interpeak IPnet TCP/IP Stack (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River

Moxa EDR 810 Series (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDR 810 Vulnerabilities: Improper Input Validation, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution or access to sensitive information.

Email is an open door for malicious actors looking to exploit businesses (Help Net Security) The Wire report parallels the latest statistics on cybercrime with high-risk events commonly seen in the business world and everyday life.

Employee negligence can be a leading contributor to data breaches (Help Net Security) Shred-it and Ponemon Institute study finds seemingly innocent workplace mistakes put North American businesses at risk for data breaches.

Ransomware attacks force US and Australian hospitals to shut down their systems (Computing) The affected hospitals are turning away new patients and cancelling elective surgeries

Security Patches, Mitigations, and Software Updates

Fixes Ready for Interpeak IPnet TCP/IP Stack Holes (ISSSource) ENEA, Green Hills Software, ITRON, IP Infusion, and Wind River all have fixes available to mitigate multiple vulnerabilities in their products: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River, according to a report with CISA.

Keeping privacy and security simple, for you (Google) We’re expanding our easy-to-use privacy controls to products like the Assistant, Maps and YouTube and announcing new ways of protecting your data online.

Guess what? You should patch Exim again! (Help Net Security) Hot on the heels of a patch for a critical RCE Exim flaw comes another one that fixes a DoS condition (CVE-2019-16928) that could also lead to RCE.

Singapore Government launches Vulnerability Disclosure Program (CISO MAG) The Government of Singapore announced that it has rectified 31 vulnerabilities in its network systems found by ethical hackers.

Cyber Trends

2019 Cyber Threat Intelligence Estimate (Optiv) The best-practice recommendations in this report are practical next steps that help immediately improve cybersecurity posture.

Financial crime and fraud in the age of cybersecurity (McKinsey & Company) Institutions are crossing functional boundaries to enable collaborative resistance against financial cybercrime and fraud.

Allot Sees Increased Demand for Network Visibility and Control Solutions from Regulatory Agencies (West) First Half of 2019 Shows Marked Acceleration in Demand for Advanced Solutions Offering Actionable Insights into Network Usage and Abuses

Cybersecurity Programs Shown to Have Tangible Value in M&A Assessments (Yahoo) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today released the findings from its Cybersecurity Assessments in Mergers and Acquisitions report, which surveyed 250 U.S.-based professionals with mergers

C-Suite execs are the worst at cybersecurity compliance: report (Which-50) C-Suite executives are the least likely to comply with organisational cybersecurity policy, according to a new study. The report from Bitdefender found

New Research Shows Businesses Aren't Proactive Enough When it Comes to Managing Online Reputation (PR Newswire) To stay ahead of potential crises, most small businesses (88%) monitor their online reputation at least quarterly,...

Where's the CISOs? - missing from more than a third of Fortune 500 (SC Magazine) Shocking new report finds that not only are many major enterprises missing a CISO, but security strategy roles and data protection mission statements are also absent.

Marketplace

Cyber insurance cover sales rise as attacks increase (The Asian Age) Top insurance brokers who deal with the crisis are of view that cyber risk is a top order item for any board across the globe.

Are there too many vendors in the federal cyber market? (Washington Business Journal) As CIOs and CISOs try to shape the nature of their technology environments, some are wondering whether the focus on cyber has led to a surfeit of options in the market.

ReFirm Labs Closes $2 Million Pre-A Funding Round to Accelerate Contin (PRWeb) ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced the closing of a Pre-A round of $2 million in f

HYPR Secures $18.3 Million Series B to Eliminate Passwords Across the Enterprise (PR Newswire) HYPR, the leading provider of True Passwordless Security, announced today the company has closed $18.3 Million in Series...

Acronis Announces a $147 Million Investment Round Led by Goldman Sachs - Media Releases - CSO | The Resource for Data Security Executives (CSO) Funding to allow Acronis to make acquisitions, expand the engineering team and accelerate the business growth in North America in the partnership with Acronis SCS

HW Kaufman acquires cyber MGA Node International (Reinsurance News) HW Kaufman Group, the parent company of wholesale brokerage and managing general underwriter Burns & Wilcox, has acquired Node International, a

ReliaQuest Acquires Threatcare to Improve Proactive Management of Enterprise Security (PR Newswire) ReliaQuest, the leader in enterprise cybersecurity, today announced that it has entered into an agreement to acquire...

Danish company Demant expects to suffer huge losses due to cyber attack (Help Net Security) Danish hearing health care company Demant has estimated it will lose between $80 and $95 million due to a recent "cyber-crime" attack.

Visa, Mastercard, Others Reconsider Involvement in Facebook's Libra Network (Wall Street Journal) Cracks are forming in the coalition Facebook assembled to build a global cryptocurrency-based payments network.

How Kaspersky is moving from cybersecurity to cyber immunity (BNamericas.com) Russian-based cybersecurity firm Kaspersky believes that the only way to provide security protection to the next wave of connected devices is to migrate from a concept of cybersecurity to cyber immunity.

Products, Services, and Solutions

WatchGuard’s New DNSWatchGO Service Eliminates Evolving Security Blind Spots, Blocks Phishing Attempts (West) New service fills major security gap beyond the network perimeter, as new research shows 64% of remote users have fallen victim to a cyber attack

LogRhythm | LogRhythm Releases True Unlimited Data Plan for SIEM (RealWire) Industry’s first-ever fixed cost licensing model means businesses don’t have to sacrifice security because of cost unpredictability London, UK – 1st October, 2019 – LogRhythm, the company powering the world’s enterprise security operations centers (SOCs), announced today that it launched the first True Unlimited Data Plan for its NextGen SIEM

Exabeam Announces Enhancements to SIEM Platform at Spotlight19 (BusinessWire) During its annual user conference, Spotlight19, Exabeam announced enhancements to the Exabeam Security Management Platform.

NSS Labs Announces 2019 Next Generation Intrusion Prevention Systems (NGIPS) Group Test Results (NSS Labs, Inc.) Evasions Remain an Issue for Market Leaders AUSTIN, Texas – October 1, 2019 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the results of its 2019 Next Generation Intrusion Prevention System (NGIPS) Group Test. Five of the industry’s leading NGIPS products were tested to compare product capabilities for …

Checkmarx Achieves AWS Security Competency Status (Checkmarx) Checkmarx Software Security Platform available as a managed service on Amazon Web Services, in addition to on-premises and hybrid cloud environments RAMAT GAN, ISRAEL – October 2, 2019 – Checkmarx, a global leader in software security solutions for DevOps, today announced that it has earned Amazon Web Services (AWS) Security Competency status for its market-leading…

Turn on EA Login Verification and get a free* month of Origin Access (EA) When you turn on EA Login Verification during October 2019, you add an extra layer of protection to your EA Account and we’ll give you a month of Origin Access. It’s as easy as that.

Exclusive Networks Partners with Bitglass to Accelerate the Adoption of Real-Time Cloud Security (EIN News) Exclusive Networks, the global specialist VAD for cybersecurity and cloud solutions, today announced its U.S. and Canadian partnerships with Bitglass, the

Huawei's first Google-free phone loses ability to install Google apps (Computing) Now with even less Google

Technologies, Techniques, and Standards

New Findings and Recommendations Issued by Shared Assessments on The Board’s Role in Effective Risk Management (BusinessWire) New Findings, Recommendations Issued on The Board’s Role in Effective Risk Management from Shared Assessments third party risk management leader

How One Alaskan Borough Stood Up to A Cyber Attack (CitiesSpeak) In today’s cyber landscape, every city, town and village in America is vulnerable to hackers. And while some local governments are taking steps to prevent and mitigate harm, many more municip…

Does addition by subtraction work for cyber tools? (Fifth Domain) The Department of Homeland Security looks to attack simulation technology and the Lockheed Martin Kill Chain to evaluate which tools are effective and which ones officials should remove.

Research and Development

Acalvio awarded seminal U.S. Patent that makes Deception Technology practical and cost-effective to deploy (West) Innovation allows for a first of its kind Projection of Deceptions – making Deception technology safe, easy and cost-effective

Legislation, Policy, and Regulation

New U.N. Debate on Cybersecurity in the Context of International Security (Lawfare) The U.N.’s open-ended working group on international law and norms in relation to cyberspace met for the first time earlier this month.

Trump intensifies ‘Arab NATO’ talks after Iran strike (Al-Monitor) The Donald Trump administration is working to push forward with a military alliance of Middle Eastern states as the international community looks to respond to a suspected Iranian attack on a Saudi oil facility.

Lawmakers Propose $1 Billion Purge of Chinese Telecom Equipment (Nextgov.com) The Secure and Trusted Communications Networks Act would help small and rural providers pay to replace equipment from Huawei, ZTE and other foreign vendors with safer alternatives.

America’s Answer to Huawei (Foreign Policy) The Pentagon is relying on U.S. commercial carriers to help win the 5G race against China.

Senate Bill Creates DHS Threat Hunting Teams (Decipher) The Senate has passed a measure that creates threat hunting and response teams to help government agencies and enterprises respond to major cybersecurity incidents.

Lawmakers advance bills that would add to DHS' cyber-responsibilities (SC Magazine) The US Senate passed a bill requiring the Department of Homeland Security to maintain cyber-hunt and incident response teams.

NSA activates Cybersecurity Directorate to protect weapons, industrial base (UPI) The NSA activated its new Cybersecurity Directorate to bring the agency's foreign intelligence and cyberdefense missions together in an effort to better protect weapons security and the defense industrial base.

New NSA unit to monitor cyberattacks (Arkansas Online) The National Security Agency today will launch an organization to prevent cyberattacks on sensitive government and defense industry computers -- with an eye also toward helping shield critical private-sector systems.

Army Cyber Policy Focuses on Warfighters (SIGNAL Magazine) New initiatives emphasize cybersecurity in the tactical environment, including networks, weaponry and any other systems used by warfighters.

Monitoring capabilities, ISR tech will deter America’s adversaries (C4ISRNET) Increasing persistent surveillance in the Gulf — and perhaps more importantly making adversaries believe they’re being watched — is part of an effective peacekeeping strategy for the volatile region.

Background investigations move to their new home at the Pentagon (Federal Times) Officials at the Department of Defense and civilian agencies successfully orchestrated the transfer of nearly 3,000 employees from the Office of Personnel Management to the Pentagon.

Litigation, Investigation, and Law Enforcement

Ukrainian president: Trump didn’t use US military aid as lever (Military Times) Ukraine’s president said Tuesday that no one explained to him why millions of dollars in U.S. military aid to his country was delayed, dismissing suggestions that President Donald Trump froze the funding to pressure Ukraine to investigate Democratic rival Joe Biden.

FBI called in as Strathroy auto parts factory suffers cyber attack (The London Free Press) Local authorities have called in the FBI as the investigation deepens into a rare cyber attack against an auto parts manufacturer here. But even with the involvement of the U.S. la…

CCPA FAQs Part 3: Litigation, Regulatory Actions and Liability (Cooley) As we approach the January 1, 2020 effective date of the California Consumer Privacy Act (“CCPA” or “Act”) it is a good time to consider what is at stake for businesses that…

How to handle cyberspace security during a divorce (KHOU)

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.

Defend Your Organization: Cybersecurity in Manufacturing Conference (Boston, Massachusetts, USA, October 1 - 2, 2019) The manufacturing industry is one of the most heavily targeted industries for cyberattacks. As manufacturers undertake digital transformations, vulnerability to attacks increases. Hear from expert speakers...

SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.