October 8, 2019.
By the CyberWire staff
Late yesterday Anomali issued a report on Mustang Panda, a Chinese government threat group that's probably operating against a distinct but extensive set of targets: people interested in UN Security Council resolutions concerning ISIL, MIAT Airlines (a Mongolian carrier), cultural exchange not-for-profit China-Zentrum e.V., the Communist Party of Vietnam, and Shan Tai Theravada Buddhists. Their conclusions about the targets are based on the nature of the phishbait. Mustang Panda was first identified by CrowdStrike in June of 2018.
Unpatched instances of the Drupal content management system continue to receive "Drupalgeddon2" attacks, Akamai warns.
The US NSA yesterday added its own warnings to those CISA and the UK's NCSC issued last week concerning the exploitation of older but still widely used VPNs by various international threat actors. NSA's notes include advice about mitigation.
Five US Republican Senators have written Microsoft President Brad Smith to tell him he's underestimating the security threat Huawei poses.
It's Patch Tuesday, and the usual round of updates is expected later today. One set of patches, however, won't appear. D-Link has decided not to patch its older home routers against a critical remote takeover vulnerability, Threatpost reports. Users should upgrade to new equipment instead. The affected routers, although still available as "new" from third-party vendors, are beyond their end-of-life.
The Internet Society has done a privacy audit of twenty-three US Presidential campaign sites and found seven of them worthy, those belonging to candidates Buttigieg, Harris, Klobuchar, O'Rourke, Sanders, Trump, and Williamson. The other sixteen? Sorry, no bueno.
Today's issue includes events affecting Australia, China, Czech Republic, Egypt, Germany, Iran, Mongolia, Myanmar, New Zealand, Pakistan, Taiwan, Thailand, United Kingdom, United States, and Vietnam.
Bring your own context.
On the interpenetration of government and criminal hacking: sometimes crooks become contractors.
"One of the big distinct things about APT41 is the fact that it's conducting both financially motivated cybercrime operations alongside and simultaneously with the cyber espionage campaigns. So, usually with the Chinese espionage groups, they tend to do just the nation-state stuff. If they're doing anything on the side, it's quite a bit separate. But in the case of APT41, there's a lot of overlap between these two worlds within a single group. So, that includes the timing – they're conducting both the financially motivated activity as well as the espionage activity often on the same day, and long-running campaigns running at the same time – but also in terms of the tools they're using.... We think that this group – they have a strong personal interest in the video game industry, and a lot of what they are doing in the financially motivated world is targeted against the video game industry. So a lot of their earlier operations are concentrated against not just video game studios and developers, but also payment platforms and online forums and other related services that are part of the world of video gaming. And a lot of the operations that they're conducting and how they're conducting these operations – the TTPs – will often emerge first in their targeting of video game organizations and then later kind of bleed over into the espionage activities that they're also doing."
—Fred Plan, Senior Analyst on FireEye's Cyber Espionage Threat Intelligence Team, on the CyberWire's Research Saturday, 10.5.19.
Does this lead to any speculation that, you know, they got their start doing non-government type of work and perhaps they caught the government's eye and they said, hey, you guys are doing some interesting work here – how'd you like to come work for us? Is that a possibility or is that just purely speculative?
"It is a possibility, and in fact, we have research dating back to at least 2005, indicating that individuals who were responsible for this activity were advertising hacker-for-hire services. So they were saying they were available for hacking into system networks, and we believe that that was probably in a contractor capacity."
—Nalani Fraser, Senior Manager of the Advanced Analysis Team for FireEye Threat Intelligence, also speaking on the CyberWire's Research Saturday, 10.5.19.
And they go on the government payroll without having to give up their night job, too.
The correct name of the JTF Ares campaign against ISIS is Operation Glowing Symphony, not, as misstated in the 9.27.19 podcast, "Golden Symphony."
According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Texas Cyber Summit Job Fair, October 10, San Antonio. (San Antonio, Texas, United States, October 10, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free Texas Cyber Summit Job Fair, October 10 in San Antonio. Meet face-to-face with leading cyber employers. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email firstname.lastname@example.org for a chance to receive a complimentary ticket.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
RobbinHood Ransomware Using Street Cred to Make Victims Pay (BleepingComputer) The operators behind the RobbinHood ransomware have changed their language in the ransom note, at least in one variant of the malware, to take from victims all hope of decrypting the files for free and to make them pay for the recovery.
Vulnerability Summary for the Week of September 30, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
One Year After ‘The Big Hack’ (PixelEnvy) Today marks the one-year anniversary of Bloomberg’s publication of a story about Chinese intelligence intercepting the supply chain of Supermicro, a company which has built and sold servers to Amazon, Apple, the U.S. Department of Defense, and dozens of other companies. Apparently, they developed a chip that looked identical to a rice-sized standard component placed […]
The State of Cybersecurity Hiring (Burning Glass Technologies) The number of cybersecurity job postings has grown 94% since 2013, three times faster than IT jobs overall. But a talent gap persists.
2019 State of SMB Cybersecurity (Keeper) Our exclusive research conducted in partnership with the Ponemon Institute shows that cyberattacks are more sophisticated, more highly targeted, and happening more often than ever before.
Industrial Security Podcast: Joe Weiss (Waterfall Security) Industrial security pioneer Joe Weiss explains how there are 3 networks, not 2 - IT, OT and Engineering, with examples from the 2007 aurora test.
OCTC program named top cybersecurity program by DHS and NSA (Owensboro Messenger-Inquirer) Owensboro Community & Technical College's computer and information technology program has been named a National Center of Academic Excellence in Cyber Defense Education by the National Security Agency and the
Valley City State University student wins full cybersecurity scholarship from SANS Technology Institute (AM 1100 The Flag WZFG) Shane Hitch, a sophomore at Valley City State University majoring in software engineering, has been awarded a $22,000 scholarship to the Applied Cybersecurity certificate program operated by SANS Technology Institute. Hitch, one of only 100 students nationwide to receive the scholarship, was a finalist in the SANS Cyber FastTrack challenge, a free online cybersecurity program for college students and graduates designed to help improve the quality and preparation of cybersecurity professionals in this growing, global career field.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...
CyberNext Summit (Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...
Borderless Cyber (Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...
SecureWorld Dallas (Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Jacksonville Cybersecurity Conference (Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...