October 18, 2019.
By the CyberWire staff
ESET describes a Trojanized TOR browser that warns victims that they're vulnerable to police snooping because their browser is out-of-date. The bogus update page to which the unwary are redirected installs malware that enables the crooks to steal cryptocurrency, mostly Qiwi and Bitcoin. The caper is conducted in Russian and is directed against Russian-speaking visitors to various darknet sites.
ESET has also reported that older and unpatched versions of Amazon's Kindle and Echo are vulnerable to key reinstallation attacks that exploit WiFi vulnerabilities to achieve man-in-the-middle status.
Upstream says it's caught the popular Android app Snaptube engaged in large-scale clickfraud.
A site offering the putative iPhone jailbreak "Checkrain" is, Cisco Talos warns, enrolling visitors in an ad-fraud campaign.
While Apple CEO Cook mollifies Beijing (as WIRED describes), Facebook's Zuckerberg said yesterday that his company is uninterested in returning to business in China, the Telegraph reports. Mr. Zuckerberg expressed Facebook's strong commitment to free speech as grounds for refusing to moderate political content.
TASS is authorized to state that, while the enemy of my enemy may not exactly be my friend, he could at least be my cooperating law enforcement agency. The Moscow Times has some information on US assistance to Russia's FSB in a Russian domestic counter-terror operation. What terrorist group was implicated isn't publicly known, but the US has in the past given Russia intelligence on Islamist operations.
Nevertheless, Russo-American relations in cyberspace aren't all rainbows and unicorns: Cozy Bear, after all, has resurfaced in the news.
Today's issue includes events affecting Australia, Canada, China, Egypt, Indonesia, Iran, Nigeria, Russia, Turkey, United Kingdom, United States, Venezuela, and Vietnam.
Bring your own context.
An old insight, worth repeating in the context of cybersecurity training, including such exercises as capture-the-flag competitions.
"There is a battlefield analogy, and that is, you want to go into battle with people that you trust, that you have experience with, that you can anticipate their every move. And I think it's like that. Even though it's a little bit of a different analogy, but it's like that in the corporate world as well. You want to train like you fight, and you want to fight like you train. And this is a great way to do it, and it's a fun way, and it keeps people interested."
—Justin Harvey, global incident response leader at Accenture, on the CyberWire Daily Podcast, 10.16.19.
Flavius Josephus said it was the secret to the Roman army's success: "Their drills are bloodless battles; their battles are bloody drills."
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.
Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
This Credential Phish Masks the Scam Page URL to Thwart Vigilant Users (Cofense) The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that aims to harvest credentials from Stripe, the online payment facilitator handling billions of dollars annually, making it an attractive target for threat actors seeking to use compromised accounts to gain access to payment card information and defraud consumers.
Popular app Snaptube accused of ad fraud, say researchers (TechCrunch) A popular video downloader app for Android has been found generating fake ad clicks and unauthorized premium purchases from its users, according to a security firm. Snaptube, which boasts some 40 million users, allows users to download videos and music from YouTube, Facebook and other major video s…
Secure-D uncovers non-human clicks and subscriptions from popular Android app Snaptube (Upstream) Upstream’s security platform Secure-D has detected and blocked more than 70 million suspicious mobile transaction requests coming from the Android app Snaptube in just six months. Snaptube has been delivering invisible ads, generating non-human clicks and purchases, then reporting them as real views, clicks and conversions to the advertising networks that serve them. The ads …
Microsoft Ending Support for Windows 7 and Windows Server 2008 R2 (CISA) On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems. After this date, these products will no longer receive free technical support, or software and security updates.
Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while running Windows 7 and Windows Server 2008 R2.
AVEVA Vijeo Citect and Citect SCADA (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: Vijeo Citect and Citect SCADA
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
The IEC870IP driver for Vijeo Citect and Citect SCADA has a buffer overflow that could cause a server-side crash.
Horner Automation Cscape (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Low skill level to exploit
Vendor: Horner Automation
Vulnerabilities: Improper Input Validation, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed, which may allow the attacker to access information and execute arbitrary code.
Vic cyber attack recommendations ignored (Newcastle Herald) Two years after a cyber attack compromised Victoria's road safety cameras a series of "urgent recommendations" to fix vulnerabilities still haven't been done.
20 Data Security Risks Your Company Could Face in 2020 (IT Security Central - Teramind Blog) This piece was originally published in Hackernoon. Today, data security is top of mind for companies, consumers, and regulatory bodies. After years of unfettered participation in the data-driven digital age...
LoginRadius Joins Cloud Security Alliance (CSA) (Technuter) LoginRadius announced their membership with Cloud Security Alliance (CSA). CSA is a not-for-profit organization that attracts a diverse and extensive network of 80,000 cybersecurity experts. CSA’s activities, knowledge, and global platform provide members with tools for creating and maintaining a robust and trusted cloud ecosystem.
Privacy-focused Brave browser boasts 8M monthly active users (The Block) Privacy-focused internet browser Brave has hit the 8 million mark in terms of monthly active users. Announcing the news on Wednesday, Brave said daily active users, on the other hand, have surpassed the 2.8 million mark. The browser, with opt-in blockchain functionality, also compensates content creators, users and advertisers in its native Basic Attention Token (BAT) for …
We are at war in cyberspace and doing too little about it (Idaho Statesman) The recent public safety power shutoff by Pacific Gas and Electric (PG&E) has drawn critics far beyond the more than 700,000 homes or businesses that lost electricity in northern California. California’s top utility regulator said that the “scope, scale, complexity and overall impact to people’s lives, businesses and the economy cannot be overstated.”
Space Industry Seeks Designation as Critical Infrastructure (Air Force Magazine) A new industry group set up to share intelligence about cyber threats to space-based assets like satellite communications will be lobbying the Trump administration to designate commercial space systems as critical national infrastructure.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cybersecurity for Small Businesses (Hazelton, Pennsylvania, USA, November 13, 2019) During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security...
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...
PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...
Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...