October 15, 2019.
By the CyberWire staff
Turkish authorities interdict social media along the Syrian border in support of an offensive against Kurdish forces, WIRED reports.
Proofpoint has issued another report on Silent Librarian, the Iranian threat group also tracked as Cobalt Dickens and TA407. Silent Librarian, associated with Iran's Mabna Institute, targets universities through phishing campaigns that make heavy use of spoofed university brands and library-themed phishbait. The objective appears to be intellectual property theft.
North Korea's Lazarus Group has renewed its deployment of an Apple backdoor against cryptocurrency exchanges. Malwarehunter Team alerted researchers to the activity Friday; it was further examined by researcher Patrick Wardle, who sees the malware as a variant of the AppleJeus operation Kaspersky described in August. In this round the Lazarus Group is again using a front company, "JMT Trading," to upload malicious code to GitHub.
Connecticut-based shipping and postage metering company Pitney Bowes disclosed yesterday morning that it had sustained a serious ransomware attack. The company believes that customer data were not compromised, and that the consequence of the attack will be confined to service disruptions. Groupe M6, the large media company headquartered in the Parisian suburbs, also disclosed an attack over the weekend, and L'Express calls it ransomware. Groupe M6's programming continued, but some business and customer contact functions were degraded. There's no evidence so far that the attacks are connected. In neither case has the ransomware strain or a threat actor been publicly identified. The incidents give point to recent Europol and FBI warnings about the ransomware threat.
Today's issue includes events affecting Argentina, Australia, Belize, Benin, Brazil, Bulgaria, Cameroon, Chile, China, Colombia, Costa Rica, Cyprus, Dominican Republic, Ecuador, El Salvador, European Union, Finland, France, Germany, Ghana, Guatemala, Honduras, India, Iran, Iraq, Italy, Ivory Coast, Democratic People's Republic of Korea, Lebanon, Mexico, Morocco, Netherlands, Nicaragua, Nigeria, Panama, Paraguay, Peru, Russia, Saudi Arabia, Singapore, Syria, Turkey, Ukraine, United Kingdom, United States, and Uruguay.
Bring your own context.
Testing isn't trivial.
"Absolutely, and that's exactly the reason - that normally, what happens is - and we develop things that are developed with rigor and with all good intentions by researchers and practitioners, but usually, we test them on small-scale things in the lab or in an experimental setting. And then when they are deployed in real-world infrastructures, they don't always scale. I'm not saying that they never scale. They don't always scale, and that's why we need to think about as to how we might be able to do this."
—Awais Rashid, professor of cybersecurity at the University of Bristol, on the CyberWire Daily Podcast, 10.11.19.
Silicon Valley calls it failure to scale. Hegel called it the arrogance of the understanding.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.
Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Oil Refiner Reports Major IT Incident in Finland (Bloomberg) Neste Oyj, Finland’s biggest oil refiner and maker of renewable fuels, said it’s experiencing extensive failures in multiple IT systems which are affecting its refinery’s production.
Shipping giant Pitney Bowes hit by ransomware (TechCrunch) Shipping tech giant Pitney Bowes has confirmed a cyberattack on its systems. The company said in a statement that its systems were hit by a “malware attack that encrypted information” on its systems, more commonly known as ransomware. “At this time, the company has seen no evidenc…
A close look at Fallout Exploit Kit and Raccoon Stealer (Bitdefender Labs) Over the last few months, we have seen increased Exploit Kit activity. One example is the Fallout Exploit Kit, which we will describe in depth in this article. Since its emergence in August 2018, threat actors have intensively used the Fallout Exploit Kit to...
SafeBreach Unveils the Latest Critical Vulnerability to Stop Supply-Chain Attacks (ToolBox Tech) Newly discovered supply chain attack vector on commonly-used open source hardware diagnostics systems could expose users to a major security risk. SafeBreach, the provider of Breach and Attack Simulation (BAS), recently announced that its SafeBreach Labs research team had created a critical security vulnerability in Open Hardware Monitor, a free,...
Drupalgeddon2 flaw still being exploited (Technology Decisions) Akamai researchers have uncovered an attack campaign seeking to exploit the critical Drupalgeddon2 vulnerability that was patched in March 2018.
Former cyber chief warns shipbuilding programs at risk (The Australian) Former national cyber security adviser Alastair MacGibbon has warned that Australia’s $90bn naval shipbuilding program could be at risk through theft or sabotage of data held by supply-chain firms working on the new submarines and frigates.
Bug bounty challenge surfaces DOD proxy weaknesses (GCN) Over a two-week period, white-hat hackers scoured hundreds of public-facing DOD Information Network proxy servers, virtual private networks and virtual desktops to find and disclose vulnerabilities.
Security Patches, Mitigations, and Software Updates
Hardening Firefox against Injection Attacks (Mozilla Security Blog) A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence ...
Microsoft Now Enables Windows 10 Tamper Protection By Default (BleepingComputer) Microsoft has announced today that the Windows 10 Tamper Protection security feature is now officially generally available for the Enterprise and consumers. Along with this announcement, Microsoft will be enabling this security feature on all Windows 10 devices by default.
Where do the 2020 Candidates Stand on Cybersecurity Awareness? (SiteLock) The ugly news about Russian interference in the U.S. presidential election forced the issue of cybersecurity into the political spotlight in 2016. Since this catalytic event, political leaders have grappled with cybersecurity awareness on a global stage — and not all have done so gracefully.
The Underrated Risks of Data Exposure (Terbium Labs®) We surveyed over 300 information technology (IT) professionals in the United States and Canada to better understand how businesses currently monitor and detect incidents of exposed data on the Internet, their current and future risks and the potential negative outcomes. The survey was fielded in September 2019 and the respondents are comprised of full-time IT professionals who work in various industries, including but not limited to, retail, finance, healthcare and ecommerce.
Sophos Becomes Latest U.K. Tech Target in $3.8 Billion Deal (Yahoo) Private equity firm Thoma Bravo agreed to buy Sophos Group Plc for $3.8 billion, taking the British cybersecurity firm private in the biggest takeover of a U.K. technology firm this year. Thoma Bravo will pay $7.40 a share in cash, or 583 pence per share, representing a premium of 37.1%
Why Huawei Isn’t So Scary (Foreign Policy) The Chinese company’s lead in the 5G race isn’t insurmountable, and other firms and countries shouldn’t rush into the fray.
Zscaler: Time To Buy (Seeking Alpha) Zscaler has fallen roughly 46% since its 52-week high. The stock has grown strongly with revenue growth rates above 50% for the past three years. Moreover, Zscaler is undervalued by 9.5% based on my estimates.
Crowdstrike Stock Tumbles as Citi Says Sell (Barron's) Crowdstrike stock was trading sharply lower after Citi analyst Walter Pritchard started coverage of the security company with a Sell rating. He also named two stocks to buy.
Shape Security: How This Unicorn Is Leveraging AI to Tackle Cybersecurity Crimes (Karma) Key Takeaway: Shape Security, which became a unicorn last month after raising $183 million to date, has developed an AI-powered engine that helps distinguish humans from bots and protects businesses from an increasing threat of cyberattacks. It is now one of the fastest-growing companies in the U.S. When Chipotle customers across the country complained this...
Infinigate Signs Distribution Agreement with iboss (Infinigate) Infinigate UK, a specialist IT security, cloud and MSP distributor has signed an agreement with iboss to distribute its range of cloud-based internet security solutions across the UK and Ireland.
Antivirus vs. Antimalware? The Difference is Vital For Cybersecurity! (TheTechNews) When you’re talking about Internet security and defending your home and work systems from threats, a lot of terms get thrown around without much connotation or definition: Spyware, adware, worms, viruses, Trojans, ransomware, cryptojacking – they all generally revolve around the same thing, but each is a separate element with its own definition and its […]
Phishing Tool Analysis: Modlishka (Akamai) Additional research and support provided by Danny Wasserman. Overview One of the goals of phishing sites is to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords, through the use of...
China’s Global Reach: Surveillance and Censorship Beyond the Great Firewall (Electronic Frontier Foundation) Those outside the People’s Republic of China (PRC) are accustomed to thinking of the Internet censorship practices of the Chinese state as primarily domestic, enacted through the so-called "Great Firewall"—a system of surveillance and blocking technology that prevents Chinese citizens from viewing...
Trump Green-Lights Some Sales to Huawei (New York Times) The administration plans to issue licenses allowing some American companies to sell nonsensitive products to Huawei, despite its placement on a U.S. blacklist.
Civil liberties groups sound alarm over online extremism bill (TheHill) Civil liberties and technology groups have been sharply critical of a draft bill from House Homeland Security Committee Democrats on dealing with online extremism, saying it would violate First Amendment rights and could result in the surveillance of vulnerable communities.
Clash Over Surveillance Software Turns Personal in Germany (Bloomberg) Markus Beckedahl was visiting Detroit when a legal threat arrived in his email inbox from the other side of the Atlantic Ocean: a cease-and-desist letter from lawyers representing FinFisher, a German company that sells surveillance technology that it says helps law enforcement stamp out crime.
The FBI Lost Our Son (Wall Street Journal) Billy Reilly, 28 years old, worked part-time as a confidential source for the Detroit office of the Federal Bureau of Investigation. For years, he penetrated radical internet groups online, using false identities. Then he disappeared.
Huawei’s Patents are Not the Enemy (IPWatchdog.com) The R Street Institute claims patents are too strong and are inhibiting American companies in the race for leadership in the 5G marketplace. American dominance of 5G technologies will not suffer because Verizon is sued by Huawei. Verizon is not the innovator of technologies that enable 5G telecommunications.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CISO Leadership Forum (Austin, Texas, USA, December 4 - 5, 2019) Forget the typical conference, which may or may not focus on the latest industry buzz, vendor specific pitches or trendy new development. Our learning sessions are vendor agnostic only as we focus on peer-to-peer...
driving.digital Conference 2019 (Nitra, Slovakia, October 14 - 15, 2019) An international program conference focused on cyber security in the automotive industry and mobility. Conference themes will address the topic of stability of digital solutions in the automotive and mobility...
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, October 16, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
7th Annual Cyber Resilience Summit (Arlington, Virginia, USA, October 16, 2019) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...
Cyber Hygiene: Why the Fundamentals Matter (Online, Software Engineering Institute at Carnegie Mellon University, October 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical...
EXCHANGE 2019 (New York, New York, USA, October 16 - 17, 2019) BitSight presents EXCHANGE 2019, The Intersection of Business and Cyber Risk, an event for security and risk professionals to navigate the demands of today's dynamic cyber risk landscape. During this two-day...