October 2, 2019.
By the CyberWire staff
Netskope warns that the Adwind RAT, a remote access Trojan that has hitherto been used mostly against retail and hospitality targets, is now being actively deployed in a campaign against the US oil industry.
FireEye is tracking a renewed FakeUpdates criminal campaign (“financially motivated,” as FireEye primly describes it). The victim is told they’re running an obsolete version of their browser and given a bogus update link, which in the current campaign installs Bitpaymer or Doppelpaymer ransomware.
Ransomware is clearly more than a nuisance, as FireEye observes. Computing reports that hospitals in both the US and Australia have been forced to delay elective surgery and otherwise turn patients away because of infestations in their systems.
Cisco's Talos group finds that criminals are experimenting with maliciously crafted ODT files as a way of bypassing detection by commonly used security products. The current campaign is still small, but it has already used ODT files to distribute RevengeRAT and njRAT payloads.
Researchers at Confiant warn that the eGobbler malvertising gang has used obscure browser exploits to infect more than a billion ads.
The Checkm8 iOS “forever day” exploit seems of interest mostly to security researchers, but probably won’t have much effect on users. MobileIron offers perspective on Checkm8, and WIRED sums up the state of opinion.
Comparitech reports finding personal information on some twenty-million Russian taxpayers exposed online in an unprotected Elasticsearch cluster hosted on an Amazon cloud. The exposed data include basically the whole shebang: names, addresses, passport numbers, tax IDs....
Today's issue includes events affecting Australia, Bahrain, Canada, China, Denmark, Qatar, Russia, Saudi Arabia, Singapore, United Arab Emirates, United States.
Bring your own context.
Criminals are behaving more like nation-states.
"Cybercriminals are adapting and working together, diversifying their strategies and looking more like states. So despite the high-profile, law-enforcement actions that we've seen against criminal communities and syndicates in 2018, the ability of threat factors to remain operational shows an increase in maturity and resilience of criminal networks. This has been noticed in 2019."
— Malek Ben Salem, senior R&D manager for security at Accenture Labs, on the CyberWire Daily Podcast, 9.30.19.
And Recorded Future's latest podcast is up. In this episode, "Disinformation for Sale," produced in partnership with the CyberWire, Recorded Future engages with threat actors in Russian-speaking underground fora, and they learn something new about disinformation-as-a-service.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Senior-level executives are invited to learn about the latest threats and solutions in cyber security from experts from the U.S. Department of Justice, the FBI, Google, IBM, Darktrace, the Center for Internet Security, and more. Breakfast, lunch, and a cocktail reception are included with your admission. Your full day's attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email firstname.lastname@example.org for a chance to receive a complimentary ticket.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year's event features keynotes from Juniper executives, as well as special guest speaker Earvin "Magic" Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
FakeUpdates hackers are back to spread ransomware (SC Magazine) Hackers have restarted a campaign to spread ransomware in a bid to extort millions of pounds from victims, with Dridex and NetSupport used to drop BitPaymer or DoppelPaymer ransomware.
New Adwind Campaign targets US Petroleum Industry (Netskope) A new campaign spreading the Adwind RAT has been seen in the wild, specifically targeting the petroleum industry in the US. The samples are relatively new and implement multi-layer obfuscation to try to evade detection. We found multiple RAT samples hosted on the serving domain and spread across multiple directories, all hosted within the last …
Yokogawa Products (CISA) CVSS v3 8.4. Attention: low skill level to exploit. Equipment: Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE. Vulnerability: Unquoted Search Path or Element. Risk evaluation: successful exploitation of this vulnerability could allow a local attacker to execute malicious files.
Interpeak IPnet TCP/IP Stack (CISA) CVSS v3 9.8. Attention: exploitable remotely, low skill level to exploit, public exploits are available. Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River.
Moxa EDR 810 Series (CISA) CVSS v3 7.2. Attention: exploitable remotely, low skill level to exploit. Equipment: EDR 810. Vulnerabilities: Improper Input Validation, Improper Access Control. Risk evaluation: successful exploitation of these vulnerabilities could allow remote code execution or access to sensitive information.
Security Patches, Mitigations, and Software Updates
Fixes Ready for Interpeak IPnet TCP/IP Stack Holes (ISSSource) ENEA, Green Hills Software, ITRON, IP Infusion, and Wind River all have fixes available to mitigate multiple vulnerabilities in their respective products: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River, according to a report filed with CISA.
Guess what? You should patch Exim again! (Help Net Security) Hot on the heels of a patch for a critical RCE Exim flaw comes another one that fixes a DoS condition (CVE-2019-16928) that could also lead to RCE.
LogRhythm Releases True Unlimited Data Plan for SIEM (RealWire) Industry's first-ever fixed-cost licensing model means businesses don't have to sacrifice security because of cost unpredictability. London, UK – 1st October, 2019 – LogRhythm, the company powering the world's enterprise security operations centers (SOCs), announced today that it launched the first True Unlimited Data Plan for its NextGen SIEM
NSS Labs Announces 2019 Next Generation Intrusion Prevention Systems (NGIPS) Group Test Results (NSS Labs, Inc.) Evasions Remain an Issue for Market Leaders. AUSTIN, Texas – October 1, 2019 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the results of its 2019 Next Generation Intrusion Prevention System (NGIPS) Group Test. Five of the industry's leading NGIPS products were tested to compare product capabilities for …
Checkmarx Achieves AWS Security Competency Status (Checkmarx) Checkmarx Software Security Platform available as a managed service on Amazon Web Services, in addition to on-premises and hybrid cloud environments. RAMAT GAN, ISRAEL – October 2, 2019 – Checkmarx, a global leader in software security solutions for DevOps, today announced that it has earned Amazon Web Services (AWS) Security Competency status for its market-leading
How One Alaskan Borough Stood Up to A Cyber Attack (CitiesSpeak) In today's cyber landscape, every city, town and village in America is vulnerable to hackers. And while some local governments are taking steps to prevent and mitigate harm, many more municip…
Does addition by subtraction work for cyber tools? (Fifth Domain) The Department of Homeland Security looks to attack simulation technology and the Lockheed Martin Kill Chain to evaluate which tools are effective and which ones officials should remove.
Trump intensifies 'Arab NATO' talks after Iran strike (Al-Monitor) The Donald Trump administration is working to push forward with a military alliance of Middle Eastern states as the international community looks to respond to a suspected Iranian attack on a Saudi oil facility.
New NSA unit to monitor cyberattacks (Arkansas Online) The National Security Agency today will launch an organization to prevent cyberattacks on sensitive government and defense industry computers, with an eye also toward helping shield critical private-sector systems.
Ukrainian president: Trump didn't use US military aid as lever (Military Times) Ukraine's president said Tuesday that no one explained to him why millions of dollars in U.S. military aid to his country was delayed, dismissing suggestions that President Donald Trump froze the funding to pressure Ukraine to investigate Democratic rival Joe Biden.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...