More signal. Less noise.

Cybersecurity Fabric: The Future of Advanced Threat Response

Today, it is not enough to protect your assets by collecting high quality threat intelligence – organizations need inline detection & mitigation at line-speed to protect themselves from incoming or existing threats on the network. As cyber strategy shifts towards a “Zero Trust” model, your organization needs to ensure that every device, user, workload, or system is being monitored with a Cybersecurity Fabric. Join LookingGlass for our upcoming webinar October 2, 2pm EST to learn more.

Daily briefing.

A report in Yahoo News offers details on the Stuxnet attack against Iran’s Natanz uranium enrichment plant. The US CIA and Israel’s Mossad are said to have approached the Netherlands intelligence service AIVD, which had an asset close to Iran’s nuclear program. According to the story, that asset (described as a “mole” with training as an engineer) was able, over a protracted period of time, to deliver the Stuxnet attack code via USB to the air-gapped centrifuge controllers at Natanz.

Reports last week originating with Google’s Project Zero that detailed watering-hole attacks against iOS devices were amplified over the weekend. Forbes reports that the attacks also affected Android and Windows systems. There was speculation at the time of the initial reports that the attacks, while relatively indiscriminate, were intended to target specific groups. It now appears, according to TechCrunch, that the attackers were Chinese security services, and the targets were China’s Uyghur minority.

As unrest continues in Hong Kong and Beijing's reaction continues to escalate, Bloomberg and others report that Hong Kong protest organizers say the Chinese government has mounted distributed denial-of-service attacks against LIHKG, the principal forum the protestors have used to coordinate their actions.

Eclypsium has disclosed a family of authentication vulnerabilities it discovered in Supermicro X9-X11 servers’ baseboard management controllers. Eclypsium calls the vulnerabilities “USBAnywhere.” Their exploitation could enable a range of USB-based attacks.

Twitter CEO Jack Dorsey's Twitter account was hijacked Friday afternoon to display racist messages. The Verge says the "Chuckle Squad" claimed responsibility.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, France, Iran, Israel, Malaysia, Netherlands, Poland, Russia, United Kingdom, United States.

Bring your own context.

Biometrics are attractive as modes of identification, but the storage of biometric information in databases is thought by some to be problematic.

"So you and I can survive the loss of our credit cards, the loss of the Social Security number, we lost a few, but in the end, we're bitching about getting our credential back on ship, and we move on. If you lose your biometric now and in the future of the IOT, your loss is perpetual because if you lose your face or your finger imprint, there is no way this side of the galaxy that you can get a new face or new fingers. So databases are a no-go, for example."

—Martin Zizi, founder and CEO of Aerendir Mobile, on the CyberWire Daily Podcast, 8.29.19.

And cosmetic surgery probably isn't a realistic recovery option.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan shares thoughts on security onboarding as the fall semester begins. Our guest is Rinki Sethi from Rubrik, speaking about the cybersecurity skills gap and the importance of diversity.

10th Annual Billington CyberSecurity Summit (Washington, DC, United States, September 4 - 5, 2019) The event will be an important Call to Action for the cybersecurity community and is the deepest examination of cybersecurity and government at the local, state, Federal and International levels found anywhere.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.

Cyber Attacks, Threats, and Vulnerabilities

Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran (Yahoo News - Latest News & Headlines) For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

Stuxnet virus attack details emerge as Israel eases cyber weapons sale restrictions (RT International) The Stuxnet virus that decimated Iran’s nuclear program was introduced by a Dutch mole working with the CIA and Mossad, intelligence sources claimed, as Israel is shopping its cyber weapons to anyone with cash to buy.

iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources (Forbes) The unprecedented attack on Apple iPhones last week was broader than first thought. There could be many more victims using Microsoft software too.

Chinese authorities behind two-year old iOS hack - and Android and Windows also compromised (Computing) Apple iOS compromise widespread in Xinjiang also affected Android and Windows PCs - but Google's Project Zero did not disclose these findings

Sources say China used iPhone hacks to target Uyghur Muslims (TechCrunch) A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims, TechCrunch has learned. Sources familiar with the matter said the websites were part of a state-backed attack — likely China — designed to target the Uyghur community in the country’…

Hong Kong Protester Forum Says Some DDoS Attacks Came From China (Bloomberg) An online service used by Hong Kong demonstrators said a large digital attack that knocked out its servers briefly over the weekend was unprecedented and originated in some cases from websites in China.

Supermicro Bug Could Let "Virtual USBs" Take Over Corporate Servers (Wired) A newly disclosed vulnerability in Supermicro hardware brings the threat of malicious USBs to corporate servers.

‘USBAnywhere’ Bugs Open Supermicro Servers to Remote Attackers (Threatpost) Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker 'omnipotent' control over a server and its contents.

Coin-mining malware jumps from Arm IoT gear to Intel servers (Register) Cryptocurrency crooks look to siphon cycles from enterprise kit

Astaroth Trojan Uses Cloudflare Workers to Bypass AV Software (BleepingComputer) A new malicious campaign is actively distributing a new Astaroth Trojan variant by abusing the Cloudflare Workers serverless computing platform to avoid detection and block automated analysis attempts.

Android RAT Exclusively Targets Brazil (Infosec Island) A newly discovered Android remote access Trojan (RAT) is specifically targeting users in Brazil, Kaspersky reports.

Report: Flight Booking Platform Exposes Customer Data (vpnMentor) Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in flight booking website Option Way.  ...

Foxit Software Breach Exposes Account Data (BankInfo Security) Foxit Software, the developer of popular PDF and document software, says user accounts were compromised in a breach. The company, which has 560 million users, isn't

Meet Retadup botnet that was infected by another malware (HackRead)

Bluekeep - a sword of Damocles as three exploits detailed and more expected (SC Magazine) Security researchers detail three ways to insert data into kernel using Bluekeep and suggest that further exploitation methods are likely to be developed.

TrickBot Bypasses Secure Email Gateway Using Google Docs Phishing (CSIRT-CY) The Google Docs online word processor is being used by attackers to disseminate TrickBot banking Trojan payloads to unsuspecting victims via executables camouflaged as PDF documents.

Phishers are Angling for Your Cloud Providers (KrebsOnSecurity) Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers.

Hiding in Plain Text: Jenkins Plugin Vulnerabilities (TrendLabs Security Intelligence Blog) On this blog, we will discuss information exposure vulnerabilities that affect certain Jenkins plugins using plain-text-stored credentials.

Vulnerabilities in WordPress Plugins allow hackers to create rogue admin accounts (SC Magazine) Several WordPress plugins could be used by hackers to create administrator accounts on unpatched websites.

FIN6 APT targeting individuals via LinkedIn in a bid to get web skimmers onto e-commerce sites (Computing) IBM X-Force warns of new spear-phishing attacks by APT it has tracked since 2015

Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case (Wall Street Journal) Criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of funds in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.

Twitter Says CEO Jack Dorsey’s Twitter Account Was Compromised (Wall Street Journal) Several erratic tweets, including racist and anti-Semitic slurs, were posted from the account of Twitter Chief Executive Jack Dorsey, a high-profile security misstep at the social-media company.

Twitter CEO Jack Dorsey’s account was hacked (The Verge) Update: Twitter has now explained how the hack occurred

Viral Chinese face-swap app Zao triggers privacy fears (The Telegraph) A viral Chinese app which lets users swap their faces with celebrities in video clips has come under fire over claims its privacy policy had put millions of people's data at risk.

Chinese deepfake app Zao sparks privacy row after going viral (the Guardian) Critics say face-swap app could spread misinformation on a massive scale

Report: Church Website Builder Leaves Clergy & Volunteer Data Vulnerable (Website Planet) Severity: High. Type: ElasticSearch Database. Size: 300mb accounting for 65,800

Report: Aliznet Data Breach Exposes Data for Millions of Canadian Customers (vpnMentor) vpnMentor’s research team has discovered a data breach related to Aliznet, a French consulting company in the retail sector. The company provides ...

Western Colorado school district says database was hacked but damage was limited (Denver Post) The Roaring Fork School District says hackers breached a database of special education students and teachers but didn’t obtain any social security numbers or financial information.

Board passes motion to allow Wolcott superintendent to pay ransom after cyber attack (WGNO) A cyber-attack compromised data from Wolcott Public Schools and now hackers are demanding a ransom.

Temple University Health System back online after cyber attack (KYW) A Philadelphia hospital is getting back online after falling victim to a cyber attack. Temple University Health System's computer system was hacked last week, according to officials.

Vulnerability Summary for the Week of August 26, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Cyber Trends

AI Will Change War, But Not in the Way You Think (War on the Rocks) This article was submitted in response to the call for ideas issued by the co-chairs of the National Security Commission on Artificial Intelligence, Eric

BEC overtakes ransomware and data breaches in cyber-insurance claims (ZDNet) BEC-related cyber-insurance claims accounted for nearly a quarter of all claims in the EMEA region, AIG said.

CISOs forced to use worst-case scenarios to gain board attention (SC Magazine) Companies are suffering from security data overload, and a lack of agreed meaningful metrics with CISOs being forced to use worst-case scenarios to gain board attention according to a new report

Cyber security and the cloud (Nominet) Enterprise security leaders have their say

Fileless Malware Detections Soar 265% (Infosecurity Magazine) Trend Micro mid-year report warns of growing efforts to keep attacks hidden

Social media apps worsen internal risks to enterprises (SC Magazine) Many organisations list social media apps as the largest IT security threat

These US cities rank higher for tech security than personal safety (CNBC) The U.S. is home to some of the most digitally secure cities in the world, yet it lags behind in other important safety measures, a new study has found.

Bletchley Park veterans urged to share their secrets with world (Times) Winston Churchill called them his special hens, “who laid so well without clucking”, and for decades they kept silent about what they did during the war. Now, with the youngest hen aged well into...

Marketplace

Years in the making: Carbon Black is the capstone for VMware's security business strategy (SiliconANGLE) Don’t look now, but VMware Inc. has built a significant cybersecurity practice.

Huawei hasn’t given up on Australia as it plugs 6G smarts (Telecoms.com) Even though Australia blindly followed the US down the Huawei-accusation rabbit hole, the Chinese vendor hasn’t given up on the country, using the 6G carrot to tempt the Aussies back into the fray.

Booz Allen Awarded $90M DIA Intelligence Support Services Contract (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "Booz Allen Awarded $90M DIA Intelligence Support Services Contract."

DIA chooses 16 firms for massive $17.1 billion military intelligence support contract (Military Embedded Systems) The Defense Intelligence Agency (DIA) has awarded spots to 16 companies on a potential 10-year, $17.1 billion contract to provide military intelligence support for national-security policymakers, defense planners, and warfighters in the field.

Apple’s China conundrum: iPhone maker faces a difficult decision over how to treat Beijing as tariffs bite (The Telegraph) Apple’s Mac Pro, a supercharged high-end computer designed for professional filmmakers and graphics designers, is not one of the tech giant’s more important products.

Products, Services, and Solutions

Data protection analysis: Privacy Status Evaluation (unn | UNITED NEWS NETWORK GmbH) PSE (Privacy Status Evaluation) is a web-based tool by IITR Cert GmbH and was developed for companies to analyze their data protection status

Technologies, Techniques, and Standards

Hong Kong Protestors Using Mesh Messaging App China Can't Block: Usage Up 3685% (Forbes) Mesh networking: how you communicate when China censors the internet.

Why Focusing on Threat Hunting May Leave you Vulnerable (Infosecurity Magazine) Uncovering poorly managed security solutions is a useful byproduct of threat hunting

5 signs your security culture is toxic (and 5 ways to fix it) (CSO Online) Here's how to get the security culture you want if you see these warning signs in your organization.

7 Questions to Ask Your Child’s School About Cybersecurity Protocols (McAfee Blogs) Just a few weeks into the school year and already school cybersecurity is a hot topic. With a number of fraud and ransomware cases making headlines, should you be concerned about your child's data being compromised at school? You may want to ask school leaders these questions.

Nine in 10 parents have not installed cybersecurity on child’s digital device (Education Technology) Children are more vulnerable to cybercriminals because of their personal digital devices, cybersecurity experts have warned. A survey by security firm Kaspersky found that only 13% of parents have installed online security software to the phone, laptop or tablet used by the child. The survey also found that 87% of parents don’t limit the amount …

Design and Innovation

Identity and Authentication Seek a New Paradigm (SIGNAL Magazine) The secret word is out and crypto is in. Passwords are being abandoned in favor of a range of new methods that are more secure and, in some cases, more user friendly.

The quest to create a world without likes, retweets and follower counts (The Telegraph) Imagine social media without any numbers.

Research and Development

DARPA launches Semantic Forensics project to identify fake news and online disinformation (Computing) Algorithms developed under DARPA's SemaFor project will be able to scan more than 500,000 stories, videos, images and audio files to identify fakes

Academia

Sunway University is the First University in Malaysia and the Region to Set Up a Security Operations Center Lab Powered by RSA Security (PR Newswire) With the enormous growth of e-commerce and readily digitally available data online, accuracy in...

Legislation, Policy, and Regulation

US and Poland sign agreement to cooperate on 5G technology (AP NEWS) The U.S. and Poland signed an agreement Monday to cooperate on new 5G technology as concerns grow about Chinese telecommunications giant Huawei. Vice President Mike...

U.S. and Poland Ink 5G Security Agreement Amid Anti-Huawei Campaign (Bloomberg) Pence signs agreement with Polish prime minister during visit. Trump administration struggling to get Europeans to join ban.

US and Poland sign 5G security agreement amid anti-Huawei campaign (South China Morning Post) US Vice-President Mike Pence and Poland’s Prime Minister Mateusz Morawiecki signed the deal on Monday.

Brazilian citizen data under threat with sale of national tech firms (ZDNet) A manifesto released by the employees at one of the state-controlled firms to be privatized by the government raises concerns over the future of information belonging to millions of citizens.

Insulting Putin May Now Land You in Jail Under a New Russian Law (Bloomberg) President signs laws against ‘fake news,’ disrespect of state. Offenders face fines, possible prison term under crackdown.

Angry Nationalists Don’t Sell China’s Message (Foreign Policy) Targeting Hong Kongers instead of persuading them is a dangerous course.

U.S. Unleashes Military to Fight Fake News, Disinformation (Bloomberg) Pentagon research to sift 250,000 news items in initial phase. Fears grow about viral political memes polarizing society.

Senators on Protecting Kids' Privacy: 'It's Complicated' (Wired) Even conservative lawmakers say they're open to more regulation when it comes to tech companies and children online. So where is it?

Key Republican lawmaker introduces legislation to defend state, local governments against cyberattacks (TheHill) Rep. John Katko (R-N.Y.) introduced legislation Friday designed to help state and local governments defend against cyberattacks on the heels of debilitating ransomware attacks across the country.

Analysis | The Cybersecurity 202: DNC move against phone-in caucuses pits cybersecurity vs. voter participation (Washington Post) 2020 candidates say the move could alienate voters and help a Trump victory

Litigation, Investigation, and Law Enforcement

North Korea denies it amassed $2 billion through cyberattacks on banks (Reuters) North Korea denied on Sunday allegations that it had obtained $2 billion through...

What the Jetflicks and iStreamItAll Takedowns Mean for Piracy (Wired) In a sweeping indictment, the feds came down hard on two unauthorized streaming services that allegedly crossed a very important line.

Google to Pay Millions in Fines Over Children’s Privacy Issues at YouTube (Wall Street Journal) The Federal Trade Commission has approved a settlement with YouTube over children’s privacy issues that imposes a fine of around $150 million to $200 million, people familiar with the matter said.

Google to pay up to $200M to settle FTC YouTube investigation (POLITICO) The FTC voted 3-2 along party lines to approve the settlement

Capital One cryptojacking suspect indicted (Naked Security) The former software engineer allegedly created scanners to look for misconfigured servers rented from a cloud computing company.

Darktrace boss will not appear as key witness for Mike Lynch in $5bn 'trial of the century' (The Telegraph) The chief executive of cyber security start-up Darktrace will not give evidence at the multi-billion "trial of the century" between US technology firm HP and the former chief executive of Autonomy, according to HP's lawyer.

Don’t turn this whistleblower into a saint (Times) A new heroine of the people has burst into celluloid existence as a fresh focus for cosily predictable outrage. Katharine Gun was a GCHQ translator who, in 2003, leaked classified information about...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...

10th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 4 - 5, 2019) This year's theme is, "Reinventing Cybersecurity: Addressing Tomorrow's Top Cyber Challenges." The summit has become the world's leading summit on government cybersecurity. It will convene again U.S. and...

2019 Intelligence and National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2019) The Intelligence & National Security Summit, powered by AFCEA International and the Intelligence and National Security Alliance (INSA), is the premier forum for unclassified dialogue between U.S. Government...

Derbycon 2019 (Louisville, Kentucky, USA, September 4 - 8, 2019) DerbyCon isn’t just another security conference. We’ve taken the best elements from all the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet...
