October 28, 2019.
By the CyberWire staff
The city of Johannesburg sustained a breach Thursday that led it to suspend most online services. The group claiming responsibility, the "Shadow Kill Hackers," has said they'll publicly dump all the stolen data if they're not paid four Bitcoin today.
A ransomware attack against TrialWorks, a widely used legal case management system, has caused disruption of trials and schedules as TrialWorks recovers, and as the law firms that use the product look for workarounds and alternatives. BleepingComputer says the ransomware strain involved is so far unknown, but the attack resembles in some respects August incidents that involved GandCrab's successor REvil/Sodinokibi. TrialWorks says it's decrypting the affected files, which has led to speculation that they went ahead and paid the ransom.
ISIS leader Abu Bakr al-Baghdadi died Saturday in Syria's Idlib Province, killing himself and three of his children as US special operations forces cornered him in a tunnel. According to the Voice of America, US Defense Secretary Esper said "late-breaking actionable intelligence" developed that morning enabled the attack to be executed within hours. Reuters says al-Baghdadi was located with the assistance of captured ISIS leaders. Whatever its accuracy, this report and others like it will probably erode the terrorist group's relationships of trust. One of al-Baghdadi's principal lieutenants, spokesman Abu Hassan al-Muhajir, was, the Times reports, killed in a US airstrike hours after the Idlib raid. A Bloomberg op-ed argues that terrorist groups like ISIS have proven resilient to leaders' deaths. Expect any regrouping to be foreshadowed by information operations.
Today's issue includes events affecting Australia, China, India, Indonesia, Ireland, Democratic People's Republic of Korea, Morocco, Netherlands, Pakistan, Papua, Russia, South Africa, Sri Lanka, Syria, United Kingdom, United States.
Bring your own context.
Emotet has been around for five years, and it's still going strong. The Australian Cyber Security Centre warned Friday that Emotet currently represents a high-level threat. Part of the banking Trojan's stubborn persistence may lie in some attention to detail that lends plausibility to its phishbait.
"I think Emotet actually pioneered the type of spam reply where you reply in the middle of a chain of existing conversations. You know, you get a spam email. And even grandma nowadays is kind of leery. Like, I don't think I really am getting emailed by Nigerian prince, right? But on the other hand, if you've got an email chain open with your friend, and someone replies back pretending to be your friend and is like, hey, I saw your email. You know, I just realized it hadn't been a while since we caught up. Check out this attachment I included. I really think we should go there next Friday. And so you look at it, and it's titled, like, boat adventure, you know? And you're like, that might be legitimate. You know, maybe my friend does want to go out on the lake this weekend."
—Craig Williams, head of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 10.24.19.
Leave aside the dubious unfairness of picking on Grandma for the moment (especially since the US Federal Trade Commission has concluded that seniors are notably less gullible than youngsters). How sure are you that your bro' is actually the one who suggested that you check out the boat trip? It's still generic phishbait, but it also comes with the kind of shiny generic details you might find yourself biting on. Spit the hook, bro'.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Raccoon Malware-as-a-Service Gains Momentum (SecurityWeek) Raccoon malware-as-a-service features like an easy-to-use automated backend panel, bulletproof hosting, and 24/7 customer support in both Russian and English
Older Bugs in Software Add to Security Debt (Decipher) In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization’s risk of a breach, Veracode warned.
Highlands on the road to recovery from cyber attack (Las Vegas Optic) New Mexico Highlands University is moving along in its recovery from the cyber attack that shut down campus for two weeks. Classes resumed Monday, and the ITS department, along with several others, has gotten the network up and running for instructional operations, though some computers still need to be rebuilt.
Luzerne County cyber attack expenses over $500K (Times Leader) Luzerne County has paid $563,196 to date recovering from a Memorial Day weekend cyber attack, although officials are expecting insurance to cover most of the expense. The figure is buried in the…
Security Patches, Mitigations, and Software Updates
The 2010s Have Broken Our Sense Of Time (BuzzFeed News) The rhythms of American life changed in the 2010s. How everything from TV to Trump to Instagram messed with your head just enough that time feels like it melted.
wolfSSL Version 4.2.0 is Now Available! (wolfSSL) The release of wolfSSL version 4.2.0 is now available! Many exciting new features were added in this release along with optimizations and some fixes. wolfSSL has spent 10,000 hours worth of engineering on creating the code for this release. We’ve added new features, ports, and made it more robust. For a full list of fixes, […]
Introducing Facebook News (Facebook Newsroom) We're introducing Facebook News to give people more control over the stories they see and the ability to explore a wider range of news interests within the Facebook app.
The Ransomware Superhero of Normal, Illinois (ProPublica) Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.
China adopts law on cryptography (Xinhua) China's top legislature on Saturday voted to adopt a national law on cryptography. Lawmakers approved the law at the closing meeting of a bimonthly session of the Standing Committee of the National People's Congress, which started Monday.
Ohio beefs up cyber security with new response unit (Cleveland.com) Ohio is moving to strengthen its cyber defenses by creating a new unit tasked with responding when local governments are digitally attacked, under a new law signed on Friday by Gov. Mike DeWine.
Barr’s Review of Russia Probe Now a Criminal Investigation (Wall Street Journal) Attorney General William Barr’s expanding review of the Russia probe has evolved into a criminal investigation, giving a federal prosecutor who is leading the inquiry the ability to subpoena witnesses and use a grand jury.
Skripal Poisoner Attended GRU Commander Family Wedding (Bellingcat) In a series of investigative reports in 2018 and this year, Bellingcat and its media partners disclosed the existence of an elite unit within Russian military intelligence (GRU) engaging in clandestine overseas operations. This unit consists of approximately twenty graduates of elite Russian military schools, most having received hands-on combat experience in the wars in...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
NTCA 2019 Cybersecurity Summit (Salt Lake City, Utah, USA, October 27 - 29, 2019) The rural broadband industry, leading experts and critical stakeholders will be gathering at the NTCA 2019 Cybersecurity Summit to hear about managing cyber risk and current threat intelligence. This event...
North American International Cyber Summit (Detroit, Michigan, USA, October 28, 2019) Taking the Lead: Collaborating to Solve National Cyber Security Problems – Building partnerships and balancing competition and information sharing for improved security. The theme is designed to highlight...
IS2C Security Conference (Orlando, Florida, USA, October 28 - 30, 2019) (ISC)² Security Congress brings together a global community of cybersecurity professionals. The event offers 175+ educational and thought-leadership sessions, and fosters collaboration with other forward-thinking...
SecureWorld Denver (Denver, Colorado, USA, October 29 - 30, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...