October 25, 2019.
"Caveat:" a new podcast on cybersecurity law and policy
The CyberWire is pleased to announce the launch today of “Caveat,” a new weekly podcast addressing cybersecurity law and policy, with a particular focus on surveillance and digital privacy. Caveat is available at our website.
This latest addition to the CyberWire’s popular lineup of programs is hosted by Dave Bittner and Ben Yelin, the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security. Each week, Dave and Ben break down important current legal cases, policy battles, and regulatory matters along with the news headlines that matter most. It’s not just a podcast for lawyers and policymakers; security professionals, businesses, and anyone concerned about privacy and security in the digital age will find the discussions accessible, relevant, and thought provoking.
We gratefully thank KnowBe4, the sponsor of Caveat, for their support.
SecurityWeek's 2019 ICS Cyber Security Conference
SecurityWeek's 2019 ICS Cyber Security Conference wrapped up yesterday afternoon in Atlanta. SecurityWeek's conference showed, as it has in past years, a more even mix of clients and vendors than one often sees at such events, and the panel that offered a final look at the event suggested that next year's meetings should feature even more technical discussions of case studies than were on offer in 2019.
The last day's discussions returned to themes that had been prominent throughout the week, especially the centrality of process integrity and the importance of attention to sound security fundamentals. The former point's prominence showed a maturation of the ICS security community's understanding of the challenges it faces, and also the waning of the familiar complaint that industrial cybersecurity remains too dominated by those who've come up through the information assurance ranks. And the second point, while not a new one, is far from banal. CyberX's Phil Neray presented his company's annual risk report, and those interested in seeing some of the reasons why the basics continue to matter need look no further.
This concludes our special coverage of SecurityWeek's 2019 ICS Cyber Security Conference, but, of course, we'll be watching for any further news that develops from the conference and its participants.
By the CyberWire staff
Lookout has found a large phishing campaign targeting United Nations agencies and a range of humanitarian aid organizations.
The Russian embassy to the UK has told Reuters that reports of Turla piggybacking on Iranian attack methods are "unsavoury" misreadings of GCHQ and NSA warnings.
Google scrubbed forty-two apps from the Play store that served Ashas adware. ESET discovered Ashas and traced the developer to a university in Vietnam. In another purge, Apple removed seventeen Trojanized iOS apps that Wandera identified and reported.
The dark web gets more bad press than good, but it's worth noting that it has benign uses, like the BBC's adoption of Tor to help its users avoid censorship by repressive governments. The network particularly mentions China, Iran, and Vietnam as countries that have sought to restrict its content. The BBC News international site will be available in the mirror, as will the BBC's Arabic, Persian and Russian services.
US Senators Wyden (Democrat of Oregon) and Warren (Democrat of Massachusetts) have asked the Federal Trade Commission to investigate any role Amazon may have had in the Capital One breach. The Washington Post reports that Senators Cotton (Republican of Arkansas) and Schumer (Democrat of New York) have asked the Intelligence Community to determine whether the Chinese-owned social network TikTok represented a security threat. With respect to content moderation, TikTok told BuzzFeed its moderators are in the US, not China.
Shopping bots are the ticket-scalpers of e-commerce. Cequence, looking ahead to the holidays, explains how the secondary gray market works.
Today's issue includes events affecting Australia, Brazil, China, Czech Republic, France, Germany, India, Iran, Russia, Sweden, Switzerland, Ukraine, United Nations, United Kingdom, United States, and Vietnam.
Bring your own context.
We've heard about legislative and regulatory proposals that would give people ownership over their personal data. How might that work, in lay terms, counselor?
"You know, you have something like bailment where if I give the valet my keys, yes, he holds those keys, but it's not his. He can't go out and give them to somebody else. I'm entrusting him with those keys. They're still technically my property, but I've entrusted them to somebody else."
—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire's Caveat podcast, 10.23.19.
Yours, but entrusted to someone else for a very specific purpose.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour reviews their research into phishing. Our guest is Jeremy Smith, author and host of The Hacker Next Door podcast.
And the CyberWire's new weekly podcast Caveat is also up. In this inaugural episode, "Crowdsourced private surveillance," Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.
Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Apple bans 15 apps created by Gujarat-based app company for cheating (Gadget Now) Mobile security firm Wandera has discovered 17 apps infected with clickware meant to increase advertising revenue. All of these 17 apps are made by Gujarat-based AppAspect Technologies Pvt. Ltd. Apple has removed 15 of these apps. These apps contained malware that used to open web pages and click on ads in the background.
Trojan malware infecting 17 apps on the App Store (Wandera) Wandera’s threat research team has discovered 17 apps on the Apple App Store that are infected with clicker trojan malware. The apps communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue. The clicker trojan module
Philips IntelliSpace Perinatal (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Low skill level to exploit
Equipment: IntelliSpace Perinatal
Vulnerability: Exposure of Resource to Wrong Sphere
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow an attacker unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration.
Rittal Chiller SK 3232-Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: Rittal Chiller SK 3232-Series
Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials
Honeywell IP-AK2 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vulnerability: Missing Authentication for Critical Function
NeuShield Predicts the Top Cybersecurity Threats for 2020 and Beyond (NeuShield Ransomware Protection) NeuShield, which developed the world’s first mirror shielding technology to instantly recover data and files when other malware defenses fail, predicts that 2020 will bring growing threats to Internet of Things (IoT) devices, increasingly organized cybercriminals, the exploitation of 5G vulnerabilities, more sophisticated ransomware attacks, and new cyberattacks on...
Prepare for a New Cyber Cold War in 2020, Warns Check Point (Yahoo) Check Point® Software Technologies Ltd. (CHKP), a leading provider of cyber security solutions globally, has unveiled its cyber-security predictions for 2020. They reveal the major cyber incidents and technical developments that Check Point’s researchers anticipate will impact our societies and businesses
2020 Vision: Check Point’s cyber-security predictions for the coming year (Check Point Software) Published October 24th, 2019 Hindsight is 20/20 vision, as the old saying goes: it’s always easy to know what the right course of action was after something has happened, but much harder to predict the future. However, by looking at security developments over the past couple of years, it’s possible to forecast what’s likely to…
Imperva RASP Now Supports .NET Core Apps for Security by Default (Imperva) Imperva now supports the .NET Core development platform, securing apps written in .NET Core with our industry-leading RASP solution. Support for .NET Core expands our market-leading, full-stack application security solution to apps at the heart of digital transformation.
What happens when the military holds a ‘con’ (Fifth Domain) Despite the fact most of the “hackers” attending the conference were all members of the military, it was difficult to discern who was a uniformed member of the service and who wasn’t.
Rethinking Encryption (Lawfare) All public safety officials should think of protecting the cybersecurity of the United States as an essential part of their core mission to protect the American people and uphold the Constitution. In order to do that effectively, they should deal with reality and embrace encryption.
Rogers warns on 'stovepiped' cybersecurity (FCW) The ranking member of the House Homeland Security Committee said agencies should be coordinating their cybersecurity efforts under CISA's direction and leadership.
Senators Ask FTC to Investigate Amazon Over Capital One Hack (Wall Street Journal) Democratic senators are asking the Federal Trade Commission to investigate Amazon over concerns the company ignored security warnings about a vulnerability that enabled the hack of Capital One customer data in one of the biggest-ever heists of such banking records.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
NTCA 2019 Cybersecurity Summit (Salt Lake City, Utah, USA, October 27 - 29, 2019) The rural broadband industry, leading experts and critical stakeholders will be gathering at the NTCA 2019 Cybersecurity Summit to hear about managing cyber risk and current threat intelligence. This event...
North American International Cyber Summit (Detroit, Michigan, USA, October 28, 2019) Taking the Lead: Collaborating to Solve National Cyber Security Problems – Building partnerships and balancing competition and information sharing for improved security. The theme is designed to highlight...
IS2C Security Conference (Orlando, Florida, USA, October 28 - 30, 2019) (ISC)² Security Congress brings together a global community of cybersecurity professionals. The event offers 175+ educational and thought-leadership sessions, and fosters collaboration with other forward-thinking...