How to Build a Security Operations Center (SOC) on a Budget
Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.
October 4, 2019.
By the CyberWire staff
Google's Project Zero has determined that at least eighteen widely used Android devices are vulnerable to exploitation of a use-after-free condition, and that this vulnerability is being exploited in the wild. Ars Technica cites Google as pointing to either Herzliya-based NSO Group or some of its customers as the actors behind the attacks. The October Android update is expected to address the issue.
Check Point has linked a domestic surveillance effort to Egyptian intelligence services. The campaign used spyware embedded in security apps made available in Google's Play Store. Victims were targeted through 0Auth phishing.
Palo Alto Networks has published an "Adversary Playbook" for PKPLUG, a recently identified Chinese state espionage actor that's concerned itself with domestic surveillance of Uyghurs and international espionage directed against countries opposed to Belt and Road. The group is behind the HenBox Android malware distributed through third-party app stores.
Cabinet members in the US, the UK, and Australia will jointly ask Facebook to hold off on plans to implement end-to-end encryption. Buzzfeed yesterday obtained a copy of a letter US Attorney General Barr, UK Home Secretary Patel, Australian Home Affairs Minister Dutton, and acting US Homeland Security Secretary McAleenan intend to publish today. The open letter, which ZDNet says will be issued in conjunction with announcement of a new data-sharing agreement among the three countries, specifically asks that the social network not make it impossible for authorities to legally access content relating to child sexual exploitation and abuse, terrorism, and foreign interference in democratic institutions.
Today's issue includes events affecting Australia, China, Egypt, European Union, Israel, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States, and Uzbekistan.
Bring your own context.
A discussion of legal discovery. What is it?
"It's about the discovery of the responsive information relevant to that incident. Now, sometimes, discovery can also involve third parties, so a lot of vendors that collect logs or have cloud-based services or whatever will get third-party subpoenas in connection with discovery involving another case. Like, for example, they may want the endpoint log files that are hosted by a third party. The part involved in a data breach - one of the lawyers will - may have to subpoena that company, and there'll be discovery. So it's the process of getting information as it's connected to a dispute. Now, there's also discovery in arbitration. There's also discovery in government investigations, and certainly in criminal cases as well. Those tend to be a little more draconian and arcane sometimes, or one-way, or, you know, better or worse, depending on the regulator."
—Daniel Garrie, co-founder of Law & Forensics, a global legal engineering firm, and editor-in-chief of the Journal of Law & Cyber Warfare, on the CyberWire Daily Podcast, 10.2.19.
It can be difficult to know what information is important, to recognize it when you've found it, and to present it to a judge who is, after all, a generalist.
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
Second Annual DataTribe Challenge(Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale(New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Texas Cyber Summit Job Fair, October 10, San Antonio.(San Antonio, Texas, United States, October 10, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free Texas Cyber Summit Job Fair, October 10 in San Antonio. Meet face-to-face with leading cyber employers. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
The 6th Annual Journal of Law and Cyber Warfare Symposium(New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
NXTWORK 2019(Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Lessons from the ANU cyberattack | The Strategist(The Strategist) Australian National University Vice Chancellor Brian Schmidt’s public release of a detailed report on the damaging cyberattack on ANU systems and data marks a refreshing shift in behaviour on cybersecurity for Australian public institutions. The ...
Interpeak IPnet TCP/IP Stack (Update A)(CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
2019 Data Exposure Report(Code 42) Most organizations have some kind of data loss prevention strategy in place. However, that strategy typically ignores one of the greatest threats to data: the threat posed by employees.
HP to Cut Up to 9,000 Jobs in New CEO’s Restructuring Plan (Wall Street Journal) Incoming HP Chief Executive Enrique Lores is moving quickly to imprint changes on the computer hardware maker with plans to shrink the company’s ranks by as much as 16% in a restructuring plan that also aims to revive lagging printer sales.
Cybersecurity firm Acronis investing major growth in Arizona(Chamber Business News) Internet security firm F-Secure recently published a report covering the current landscape of cybersecurity attacks and data hygiene in the United States. The report, “Attack Landscape H1 2019,” revealed nearly three billion separate attacks had hit individual Internet of Things (IoT) devices in the first half of the year alone, a surge of 300 percent. …
Australian Govt Issues Android and iOS Security Hardening Guides(BleepingComputer) The Australian Signals Directorate (ASD)'s Australian Cyber Security Centre (ACSC) has published a set of two guides designed to help Australian government, commercial organizations, and enterprises harden the security of iOS and Android devices in their fleets.
Tips for Avoiding Remote Connectivity Hacking(National Cyber Security) For the better part of the past decade, online tech support scams have been on the rise as hackers find new ways to trick consumers into providing remote access to their computers in order to steal information.
TikTok explains its ban on political advertising(TechCrunch) Already under fire for advancing Chinese foreign policy by censoring topics like Hong Kong’s protests and pro-LGBT content, the Beijing-based video app TikTok is now further distancing itself from U.S. social media platforms, like Facebook, Twitter and Instagram, with a ban on political ads o…
Quantum computers will change all our lives(Times) In 1970 a British mathematician called James Ellis had one of those lightbulb moments. Ellis, who worked for GCHQ, was trying to find a way of sending messages securely even when someone else is...
European Court Ruling on Facebook Sets Harmful Precedent(Center for Data Innovation) In response to a European Court of Justice ruling that member states may order hosting providers to remove content worldwide, the Center for Data Innovation released the following statement from Senior Policy Analyst Eline Chivot.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Hygiene: Why the Fundamentals Matter(Online, Software Engineering Institute at Carnegie Mellon University, October 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical...
Australian Cyber Conference 2019(Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...
CyberNext Summit(Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...
Borderless Cyber(Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...
SecureWorld Dallas(Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Jacksonville Cybersecurity Conference(Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.