
More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

The US FBI has issued an alert that ransomware represents a "high-impact" threat.

The UK's NCSC warns of pervasive exploitation of widely-used VPNs.

The New York Times reports that the European Court of Justice ruled today that national courts may order Facebook to take down and restrict access to content globally. The case originated with an Austrian Green Party politician who requested removal of unflattering comments an unnamed individual had posted to a personal page. (The plaintiff, Eva Glawischnig-Piesczek, alleged that three bits of content were impermissibly objectionable. Specifically, she objected to "traitor to the people," "corrupt clod," and "fascist.") Columbia Global Freedom of Expression has an overview.

Facebook yesterday received a letter from US Senators Warner (Democrat of Virginia) and Rubio (Republican of Florida) asking for an explanation of its policies and technical capabilities with respect to deep fakes and fabricated news generally.

An Australian National University review of its data breach concludes that the hackers got in by spearphishing a senior member of the university's staff. The Australian Financial Review reports that ANU declined to name a culprit, but called the attackers "sophisticated" and probably interested in fraud. 10Daily says the phishing victim simply previewed the email, and didn't interact with it in any other way.

Business Insider says FireEye has retained Goldman Sachs, as the security company explores putting itself up for sale.

In a year in which CrowdStrike finds cybercriminals more active than state-sponsored hackers, Chinese intelligence services have taken a leading role in industrial espionage.

Notes.

Today's issue includes events affecting Australia, Austria, Cambodia, Canada, China, European Union, Ireland, Russia, Singapore, Ukraine, United Kingdom, United States, and Uzbekistan.

Bring your own context.

Reports of skepticism about the Libra cryptocurrency have centered on issues of national sovereignty and its role in fiat money. But simple fear may be a bigger factor.

"They always go to the place of fear. This is change. This is something different. What should I be afraid of? And because it's got the Facebook stamp on it, obviously, in our minds, we can think of various events that have taken place in recent months and years where we think, do we really want to trust Facebook with all of this information? The reality is that we call this Facebook Libra. But it's not Facebook. Not directly, anyway. Facebook is one member in an association where the association will manage this network. Yes, Facebook were the conceiving body. They were the organization that put forward the developers that built out the Libra framework. So the fear that we have, which is, do I really want to trust my personal, identifiable information to an organization that has got a track record of not really looking after that well?"

—Simon Rodway from Entersekt, on the CyberWire Daily Podcast, 10.1.19.

Of course, no one worries about Satoshi Nakamoto, whoever, wherever, and whenever Satoshi may be. Everybody's jake with that...

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams discusses maliciously crafted ODT files. Our guest is Yoav Leitersdorf of YL Ventures, who offers insights into the VC market in Israel.

And Hacking Humans is up. In this episode, "The ultimate hacking tool," Joe reviews highlights from a Proofpoint report on the human aspects of cyber attacks. Dave describes the FTC's cases against online dating site Match.com. The catch of the day comes straight from Her Majesty the Queen. Carole Theriault returns with an interview with Corin Imai, Senior Security adviser at DomainTools, about phishing attacks they’ve been tracking in the UK.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Chinese hacking group targets Southeast Asian governments with data-stealing malware (The Next Web) A threat group responsible for a series of malware-based espionage attacks has been increasingly targeting the Southeast Asian government sector to steal confidential data.

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC (Vice) A new threat actor Kaspersky calls SandCat, believed to be Uzbekistan’s intelligence agency, is so bad at operational security, researchers have found multiple zero-day exploits used by the group, and even caught malware the group was still developing.

Energy sector under attack from malware combo attacks (SC Magazine) Kaspersky products were triggered on 41.6 percent of ICS computers in the energy sector globally in just the first six months of 2019.

AVIVORE – Hunting Global Aerospace through the Supply Chain | Context Information Security UK (Context Information Security UK) Context has identified a new threat group behind incidents targeted at the aerospace and defence industries.

CrowdStrike says an aviation industry hacker had significant high-level access to secrets (CNBC) Nation-state hackers often target these companies to gather as much information and intellectual property as possible, while also creating "beachheads" within a company meant to serve as a wide-scale, longer term network observation point.

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us (McAfee Blogs) Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil),

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars (McAfee Blogs) Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat

Vulnerabilities exploited in VPN products used worldwide (NCSC) APTs are exploiting vulnerabilities in several VPN products used worldwide

Multiple zero-day vulnerabilities found in medical IoT devices: CISA (SC Magazine) CISA issues advisory, warning of vulnerabilities in several medical IoT devices that could lead to remote code execution

Urgent11 flaws affect more medical, industrial devices than previously thought (Help Net Security) Urgent11 vulnerabilities are also present in some versions of Real Time Operating Systems by ENEA, Green Hills, Mentor, TRON Forum and IP Infusion.

Attacker breaches Comodo forums by first exploiting vBulletin flaw (SC Media) More than 170,000 users of Comodo Group's online forums had their data stolen by a malicious actor who exploited a flaw in vBulletin forum software.

Cybersecurity giant Comodo can’t even keep its own website secure (TechCrunch) Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked. The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, …

Browser-hijacking Ghostcat malware haunts online publishers (SC Magazine) Ghostcat-3PC, a malvertising operation designed to infect online publishers with browser-hijacking malware, launches at least 18 separate infection campaigns in three months

Criminals' security lapses enable discovery of Geost mobile banking trojan (SC Magazine) Researchers uncover large Android banking trojan scheme that may have impacted hundreds of millions of Russians

Geost Botnet (Virus Bulletin Conference) The story of the discovery of a new Android banking Trojan from an OPSEC error.

PDFex attacks can exfiltrate content from encrypted PDF documents (Help Net Security) Researchers have devised new attacks allowing them (and potential attackers) to recover the plaintext content of encrypted PDF documents.

The 5 biggest examples of executive threats and how to prevent them (Help Net Security) Many executives focus their security efforts solely on physical threats, but attacks targeting an executive's digital presence can be just as dangerous.

ANU cyber attack began with email to senior staff member (Australian Financial Review) Staff, students' and graduates' private information was stolen in a cyber attack on one of Australia's most prestigious institutions.

Hacking 2020 voting systems is a ‘piece of cake’ (Naked Security) That’s how Senator Wyden described the results of DefCon’s Voting Village, where all of 100 voting systems were easily picked apart by hackers.

5 emerging customer identity threats (SecurityInfoWatch) How you can protect your organization from data breaches and identity theft

Cyber Trends

Of All State-Backed Hackers, the Chinese Hit Most Industries (BleepingComputer) Hackers working for the Chinese government deployed attacks against the largest number of industry verticals in the first half of the year.

Massive uptick in eCrime campaigns, retail among top targeted industries (Help Net Security) OverWatch has seen a large increase in intrusion activity from eCrime actors in the first half of 2019, accounting for the majority of detected intrusions.

49% of infosec pros are awake at night worrying about their organization’s cybersecurity (Help Net Security) A global survey of more than 6,000 infosec pros reveals that 49% are worried about the cybersecurity readiness of their organization.

Data breaches now cost companies an average of $1.41 million (TechRepublic) IT security budgets now average $18.9 million, up from $8.9 million, with savings credited to internal cybersecurity, according to new Kaspersky report.

Marketplace

Can't Hire Security Talent? Try Growing Your Own (Forbes) If you can’t scale security through direct hiring, you’ve got to find another way. Developing your existing employees into security champions can help close that skills gap. 

Kaspersky Anti-Virus Is Still Active in U.S. Government Agencies and the Fortune 500 (CSO Online) Cyberwarfare, hacks, and data breaches — such concerns are present in the minds of today’s citizens and organizations, and rightfully so.

Tesserent acquires PS&C's security division for $16m (CRN Australia) Less than a year after selling off telco business.

Oakton disappears as NTT rebrand sets in (CRN Australia) The company, which DiData bought for $171 million, is no more.

Silicon Valley cybersecurity company FireEye has hired Goldman Sachs for a potential sale, sources tell Business Insider (Business Insider) Money-losing FireEye is looking for a buyer, sources said, and has brought on Goldman Sachs to advise on a possible sale.

FireEye +5.4% after report it's mulling a sale (Seeking Alpha) Business Insider sources say FireEye (FEYE +5.4%) has hired Goldman Sachs to advise it on any potential deals, with PE firms looking like the most likely buyers.

UBS sees $22/share for potential FEYE sale (FireEye) UBS analyst Fatima Boolani weighs in after yesterday's Business Insider report that FireEye (NASDAQ:FEYE) is considering a sale. Boolani calculates a sum-of-the-parts valuation of $22 per share, using a 5x CY20 estimate of Enterprise value/sales multiple.

Attack data exceeding our power to process it? SC Interview: Florin Talpes (SC Magazine) How to go from central planning research under communism to defending global corporations as head of your own successful cyber-security business - plus, what's next?

Axcient CEO: ‘Our Business Is Essentially The Last Line Of Security' (CRN) Axcient CEO David Bennett says the backup and disaster recovery company’s goal is to eradicate data risk for managed service providers and serve as the “last line of security.”

AttackIQ Strengthens Leadership Team with the Appointment of Chief Financial Officer (BusinessWire) AttackIQⓇ, the leading, independent player in the emerging market of continuous security validation, today announced Danielle Murcray has joined the c

Anomali Announces New Preferred Partner Tier (Yahoo) Anomali, a leader in intelligence-driven cybersecurity solutions, today announced that the Anomali Preferred.

UNITED STATES : Ex-CIA stalwart Edwin Brauchli joins Palantir (Intelligence Online) Edwin Brauchli, a former senior intelligence service executive at the

Products, Services, and Solutions

Cynamics High Network Visibility Offering to Slash Government IT and Cybersecurity Costs by 90% (Cynamics) Smart Cities and Government Entities Will Save Millions with Firm’s Innovative, Cost-Effective Network Visibility Solution

Veeam introduces new Universal licence (CRN Australia) And a new entry-level Starter Backup product building on Community Edition.

Microsoft's secure OneDrive personal vault rolls out worldwide (Engadget) Important files can be protected with an extra verification step.

UW implements multi-factor authentication security measures (The Badger Herald) Nearly 5,000 NetIDs stolen in 2018

McAfee adds new threat intelligence products to enterprise security suite (ZDNet) The cybersecurity company said the new features are meant to give businesses the tools to manage an influx in data and connected devices.

A10 Networks cloud access proxy provides secure access, visibility for SaaS apps (Telecompaper) A10 Networks announced a new Cloud Access Proxy (CAP) platform that provides secure access to software as a service (SaaS) applications, such as Microsoft Office 365.

Technologies, Techniques, and Standards

Information security in loss figures (Kaspersky Daily) We surveyed almost 5,000 business decision-makers willing to share their thoughts on cybersecurity and their firms’ attitudes about cyberthreats.

But We Have an Email Gateway... (Akamai) In my previous phishing blogs, I wrote about the evolution of phishing and the industrialization of phishing that's being driven by the availability and low cost of toolkits....

Design and Innovation

Blind Spots in AI Just Might Help Protect Your Privacy (Wired) Researchers have found a potential silver lining in so-called adversarial examples, using it to shield sensitive data from snoops.

Legislation, Policy, and Regulation

Washington takes on China and Huawei via telecommunications standards (Intelligence Online) Fearing Chinese intrusion in US communications systems, the US Congress is trying to influence international norms.

Australia snubbed Huawei and completed its undersea cable project to bring high-speed internet to Pacific Islands (Casper Courier) Australia has completed the laying of undersea cables for its high-speed internet project in the Solomon Islands and Papua New Guinea, a snub to China's Huawei which had previously competed for the deal.

White House links Huawei and ZTE to Chinese Muslim 'concentration camps' (Washington Examiner) The White House has accused telecom giants Huawei and ZTE of complicity with “concentration camps” in China, where it claims more than three million Muslims are imprisoned.

Why Europe Won't Combat Huawei's Trojan Tech (The National Interest) Europe is wary of its U.S. counterpart's intentions. But U.S. tech companies will be the least of Europe’s concerns if Huawei hands over European data to the Chinese government.

Who do I escalate my cyber emergency to? (Professional Security) A business continuity and IT disaster recovery company offers advice, on how to escalate a cyber incident in the UK, after the US Senate passes the DHS Cyber Hunt and Incident Response Teams Act.

Senators press tech firms on 'deepfake' technology (Seeking Alpha) Two senators have sent letters to key online media giants, expressing worry about "deepfake" technology allowing for audiovisual fabrications and their use in disinformation campaigns.

CISA's Krebs: 'Decisions We Make Online Can Have Global Implications' (Homeland Security Today) NCSAM 2019 highlights simple and proactive steps everyone can take to enhance their cybersecurity awareness, whether at home, in the workplace or on the go.

New Hampshire CIO Pushes for Independent Cybersecurity Audit (Government Technology) Information Technology Department Commissioner Denis Goulet is recommending a nearly $500,000 statewide cybersecurity assessment. He says the undertaking is too large for the state to handle on its own.

Litigation, Investigation, and Law Enforcement

Whistleblower contacted House Intelligence Committee before filing official complaint (Axios) It partly explains how Adam Schiff knew to press the Trump administration to release the complaint.

Trump triumphant as New York Times report reveals ‘whistleblower’ spoke to ‘Shifty Schiff’ before filing complaint (RT International) The CIA agent accusing President Donald Trump of a quid pro quo with Ukraine spoke to House intel chief Adam Schiff’s staff before filing his whistleblower complaint, sources say – and Trump believes the collusion goes deeper.

E.U.’s Top Court Rules Against Facebook in Global Takedown Case (New York Times) Comments posted on the social network about an Austrian politician became a battle over the reach of European defamation laws on the internet.

Foreign-Exchange Brokers BGC, GFI Settle Probes Over Phony Trades (Wall Street Journal) Two brokerage firms that connect banks in the foreign-exchange market agreed to pay $25 million to settle claims that they fabricated activity on their platforms to lure more trading interest.

European Court: Websites need to obtain explicit users' consent before tracking them with cookies (Computing) Planet49 was accused of using a pre-checked consent box as an authorisation to store cookies on users' machines

Alleged RCMP spy kept a list of passwords written down: source (Global News) The RCMP have said the charges against Ortis are connected to “activities alleged to have occurred during his tenure as an RCMP employee.”

FBI Issues ‘High-Impact’ Cyber Attack Warning—What You Need To Know (Forbes) The FBI is the lead U.S. federal agency for investigating cyber-attacks. When it warns of a "high impact" and ongoing threat, it's best to take notice.

FBI urges organisations not to pay ransomware demands (Computing) Paying a ransom encourages criminals to target more people, FBI warns

Senate summons supervisors on county courthouse capers (Perry News) The members of the Dallas County Board of Supervisors received an invitation Tuesday to travel to the statehouse in Des Moines Friday for a hearing on the alleged burglary of the Dallas County Courthouse Sept 11.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...

CyberNext Summit (Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...

Borderless Cyber (Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...

SecureWorld Dallas (Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.