
Daily briefing.

Dragos has published a reassessment of the 2016 CRASHOVERRIDE attack on a portion of Ukraine's power grid. They now believe that the attack was probably intended to disrupt operations for weeks or months as opposed to the hours the actual outage lasted. They also think that the threat actor (which they track as "Electrum" and which is widely regarded as working on behalf of Russian intelligence) intended the destruction of some pieces of equipment. Electrum now seems to be taking an interest in other sectors' industrial control systems, and those interests appear to extend beyond Ukraine.

Zscaler describes InnfiRAT, a remote-access Trojan designed to steal cryptocurrency wallet information.

AdaptiveMobile Security yesterday announced the discovery of "Simjacker," a vulnerability and associated exploits in which an SMS is used to effectively hijack a mobile device's SIM card via its S@T Browser. The company says that a "sophisticated threat actor" has been exploiting Simjacker in the wild for at least two years.

The SINET 16 have been announced.

A pair of Coalfire pentesters were arrested during an engagement at the Dallas County, Iowa, courthouse. The Des Moines Register says that the Iowa Judicial Branch did indeed hire them to conduct penetration testing of court records, but that the court administrators did not expect physical penetration to be within the scope of the job.

The Baltimore Sun reports that Baltimore has gotten around to realizing that it permanently lost some data in May's ransomware attack. The city now thinks backups are a good idea.


Today's issue includes events affecting Bahrain, China, European Union, France, Hungary, Ireland, Israel, Democratic People's Republic of Korea, Russia, Saudi Arabia, South Africa, Ukraine, United Arab Emirates, United Kingdom, United States.

Bring your own context.

It can be difficult to build in security, especially when software derives from multiple open sources.

"No one has a great process for managing supply chain of software that comes in outside of open source, just any third-party software you might buy or have built for you. And I think that's another weakness, as well. Maybe there's a pen test of that software, but not many companies are looking at how the software is built and the processes in the secure SDLC that those companies are undertaking as they build software."

—Drew Kilbourne, managing director of security consulting at Synopsys, on the CyberWire Daily Podcast, 9.11.19.

The software supply chain may be even more difficult to secure than the hardware supply chain.


In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich discusses web spam systems. Our guest is Rosa Smothers from KnowBe4, discussing her career journey and the importance of diversity in tech.

Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today:

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply.

Cyber Attacks, Threats, and Vulnerabilities

North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants (Dark Reading) The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.

Cyber Attack against Hungarian Government Organization (Hungary Today) The Hungarian Development Center (MFK) is forced to reorganize its administration from scratch after a hacker attack destroyed its entire digital database in mid-July, news site reports. Allegedly, the attack most likely came from North Korea. The Ministry of Foreign Affairs later confirmed the cyber attack but denied any data loss, stating the MFK […]

EXCLUSIVE: Israel needs to be ready for terrorist 'dirty' cyber bomb (Jerusalem Post) Ex-deputy head of US Cyber Command warns that the West is not prepared for an attack.

Russian Hackers Behind Ukraine Power Outage May Have Sought More Damage (SecurityWeek) The Russian hackers behind the 2016 Crashoverride/Industroyer attack that caused a power outage in Ukraine may have been hoping to cause more serious damage.

New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction (Wired) A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage.

Air APT (NETSCOUT) Executive Summary Airlines and the airport industry in general are highly lucrative targets for APT groups; they are rife with information that other countries would f

InnfiRAT: A new RAT aiming for your cryptocurrency and more (Zscaler) Zscaler ThreatLabZ team discovered a new RAT, InnfiRAT, which is written to look for cryptocurrency wallet information, such as Bitcoin and Litecoin. This malware creates a backdoor to steal additional user information, including usernames and passwords.

Simjacker attack exploited in the wild to track users for at least two years (ZDNet) Simjacker attack abuses STK and S@T Browser technologies installed on some SIM cards.

Autumn Aperture Report (Prevailion) Autumn Aperture: Threat Campaign Highlights New Evasion Technique using an Antiquated File Format. Authors: Danny Adamitis and Elizab...

How disinformation could sway the 2020 election (The Conversation) The Russians won’t be alone in spreading disinformation in 2020. Their most likely imitator will be Iran. Also, Instagram could get even more infected with intentional misinformation than it has been.

3S-Smart Software Solutions GmbH CODESYS V3 Products Containing a CODESYS Communication Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products containing a CODESYS communication server Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition.

3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Control V3 OPC UA Server Vulnerability: NULL Pointer Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition.

3S-Smart Software Solutions GmbH CODESYS Control V3 Online User Management (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Control V3 online user management Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized actors access to unintended functionality and/or information.

3S-Smart Software Solutions GmbH CODESYS V3 Web Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 web server Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2.

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 Library Manager Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow malicious content from manipulated libraries to be displayed or executed.

Philips IntelliVue WLAN (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Philips Equipment: IntelliVue M3002A X2 MMS Transport Monitor/Module and IntelliVue MP monitors (MP2/X2, MP5, MP20-MP90, MX600, MX700 and MX800) Vulnerabilities: Use of Hard-coded Password, Download of Code Without Integrity Check 2.

Report on Election Security Gains Attention, and a Sharp Rebuke (ProPublica) A Virginia cybersecurity company asserted many states were vulnerable to election system intrusions. Critics called the report flawed and questioned whether the company was looking to exploit legitimate anxiety about election security.

Fraudsters Obtained $30 Million Worth of IP addresses in South Africa: Expert’s Comments (Global Security Mag Online) Earlier this month, South African media revealed an elaborate fraud scheme where IPv4 addresses reportedly worth at least $30 million on the second-hand market were stolen or misappropriated from large multinational companies based in South Africa.

Ireland Hit by Pedophile Sextortion Email Scam (Infosecurity Magazine) Aggressive sextortion emails are being sent to Irish inboxes, threatening to expose people as pedophiles

Baltimore acknowledges for first time that data was destroyed in ransomware attack (Baltimore Sun) Baltimore's auditor said Wednesday that IT department performance data was lost when hackers locked city files in May — the first disclosure of data being destroyed in the attack.

Salamanca schools among 13,000 districts affected by data breach (The Salamanca Press) The Salamanca City Central School District was one of the 13,000 schools and universities recently hacked with a data breach to Pearson Education, district officials reported last week.

Rockford Public Schools hold ‘State of the District’ luncheon amidst cyber attack. Amidst a cyber attack against Rockford Public Schools, District 205 leaders discussed the State of the District at Giovanni’s on Thursday. Superintendent Dr.…

Cyber Trends

Attack Landscape H1 2019: IoT, SMB traffic abound (F-Secure Blog) In the first half of 2019, traffic measured by F-Secure's global network of honeypots was twelve times higher when compared with the same period in 2018.

Thycotic Research Reveals Where Hackers and Security Professionals Agree and Where They Differ (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 20...

New Poll Shows Consumers' Expectations on Data Privacy Evolve, But So Does Technology (Security Intelligence) Consumers' understanding of data privacy is evolving. Nearly two-thirds of poll respondents strongly agree that companies should be doing more to protect them against cybersecurity threats.

Beware! In most of the cases, hackers need their victims' help to launch a successful cyber attack (CyberByte Blog) Hackers target people more often than infrastructure. For example, last year, from all emails found distributing malware 99% of them did require human interacti

Facebook Suspends Netanyahu Campaign Bot for Hate Speech (New York Times) A message sent out by Prime Minister Benjamin Netanyahu’s campaign accused Israel’s Arab politicians of wanting “to destroy us all.”


2019 SINET 16 Innovators Announced (Yahoo) Winners Selected from an Increasingly Competitive Applicant Pool of Disruptive Cybersecurity Companies Across the Globe

Shape Security eyes IPO after raising $51 million at $1 billion valuation (VentureBeat) Shape Security, which uses AI and machine learning to help businesses block automated online fraud, has raised $51 million in a fresh round of funding.

Lacework Closes $42 Million Financing Round Adds Cloud Security Leader (Lacework) Addition of VC veterans Mike Speiser and John McMahon prepare Lacework for aggressive growth within cloud, container and DevOps security markets

Shift5 Raises $2.5 Million in Seed Round (PR Newswire) Shift5, Inc. a cybersecurity company that builds hardware and software products to defend weapon systems, air...

The A.I. Boom Helped This Data Cleaning Startup Collect $100 Million From Investors (Fortune) Data-cleaning tools will help scientists put an end to wasting time working as “glorified data janitors.”

Amid censorship storm, Cloudflare makes way for a $4.4B IPO (PitchBook) Cloudflare priced its IPO at $15 per share, giving the internet services provider an initial market cap of around $4.4 billion. We took a look at the company's journey from founding to the NYSE.

Implementing a successful cyber insurance program: Key steps and considerations (CSO Online) In a first, a Black Hat micro summit explains how insurers assess risk to write cyber insurance policies as more organizations seek to indemnify themselves against potential breach losses.

NightDragon Security Announces Addition of Admiral Mike Rogers, Nadav (PRWeb) NightDragon Security, a dedicated cybersecurity investment firm, today announced an expansion of its team by adding Admiral Mike Rogers, Nadav Zafrir, and

Products, Services, and Solutions

Acceptto Achieves FIDO2 Certification to Help Organizations Move Beyond Passwords (Markets Insider) Acceptto, the leading provider of Continuous Behavioral Authentication, has been certified by the FIDO (Fast ...

Tier 1 Cyber Certification Puts Cybersecurity Defense on the Offense (Tier 1 Cyber) The over-1,000-point assessment is the most aggressive on the market by the most elite team.

IBM looks to secure hybrid multi-cloud space with z15 (ITWeb Africa) Enterprise platform said to encompass first technology in the industry to manage privacy of customer data across hybrid multi-cloud environments.

Technologies, Techniques, and Standards

Five Recommended Ransomware Defenses For MSPs … And Our Experts Add Three More (CRN) In the wake of the ransomware attack on 22 Texas towns three weeks ago, the Texas Department of Information Resources provided a list of recommended actions to help MSP stop intrusions into their networks

OWASP API Security Project (OWASP) A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.

Leveraging AI to transform power grid security (Atlantic Council) Given our acute dependency on an uninterrupted supply of power, it is hardly surprising that power grids are among the most strategically important pieces of infrastructure for economic and national security alike.

Data Breaches Elicit Calls for More Transparency (Wall Street Journal) Companies are coming under increasing pressure to release details about how hackers infiltrate their systems and steal sensitive information.

4 Key Lessons for Enterprise Mobile Device Security (Endpoint Security Solutions Review) Mobile devices continue to proliferate. Therefore, we present our favorite lessons about enterprise mobile device security.

6 Cybersecurity Best Practices For Your Small Business (Business 2 Community) When was the last time you checked a piece of news about small business being hacked? Small business owners often…

Design and Innovation

Updating the Values That Inform Our Community Standards (Facebook Newsroom) We’re expanding the values that serve as the basis for our Community Standards — the guidelines for what is and isn’t allowed on Facebook.

Facebook updates policy on limiting expression (Seeking Alpha) Facebook (FB -0.4%) has issued a policy update, "expanding the values that serve as the basis for our Community Standards."

Elevating original reporting in Search (Google) Google makes ranking changes to highlight original reporting.

Exclusive: Amazon will let anyone answer your Alexa questions now (Fast Company) The Alexa Answers crowdsourcing platform is now open to everyone in the United States. Amazon says it has measures in place to prevent misuse.

This Liberal Group’s Website Was Deemed Porn by the Trump Administration (The Daily Beast) No one thinks the citizen advocacy group Public Citizen is racy. And yet for months its website was being deemed adult content by the Department of Education’s web filter.

Opinion: The security necessity for U.S. innovation in 5G networks (Silicon Valley) How we build our next generation 5G network has profound implications

Research and Development

IBM and Fraunhofer Join Forces on Quantum Computing Initiative for Germany (Quantaneo, the Quantum Computing Source) Agreement Bolsters Germany's Innovation Agenda with focus on Creating New Community around Quantum Research and Skills. IBM (NYSE: IBM) and one of Europe's leading organizations for applied research, Fraunhofer-Gesellschaft, announced an agreement to partner in the area of quantum computing wit...


Sixteen Graduate from Cyber Florida’s Veteran-Friendly Rapid Training Program (Tampa Bay Newswire) An innovative approach to addressing Florida’s critical cyber workforce shortage, the program prepares veterans and members of other underrepresented groups for entry-level cybersecurity positions  September 9, 2019 – Tampa, FL: Dignitaries from Cyber Florida, the University of South Florida, and JPMorgan Chase & Co. were on hand the afternoon of Friday, September 5, to celebrate the graduation of sixteen…

Legislation, Policy, and Regulation

Facebook's Libra cryptocurrency 'will be blocked in Europe' (The Independent) French finance minister says: ‘We cannot authorise the development of Libra on European soil’

France calls for EU rules on cryptos (Seeking Alpha) As Facebook (NASDAQ:FB) aims to get a payment system license from Switzerland's FINMA, France said it will block the crypto's development until consumer risk and governments' monetary sovereignty were addressed.

NZ to fund NZ$10m to support Pacific cybersecurity strategy (ZDNet) Over the next five years, the New Zealand government will support Pacific countries as they secure their infrastructure and data, enhance online safety, and implement new cyber crime laws.

U.S. flags Huawei 5G network security concerns to Gulf allies (Reuters) The United States has raised its concerns with Gulf allies over a possible secur...

NSA Publishes Threatening Letter Calling for Encryption Backdoors (The Mac Observer) Glenn S. Gerstell, general counsel for the National Security Agency (NSA) published a letter in the New York Times.

New internet security policy will help agency cloud migration (Fifth Domain) A new memo from the Office of Management and Budget outlines four approved use cases for Trusted Internet Connections.

Litigation, Investigation, and Law Enforcement

Google to pay $1 billion in France to settle fiscal fraud probe (Reuters) Google agreed to pay close to 1 billion euros ($1.10 billion) to French authorit...

Coinbase UK Settles Lawsuit With Victim of Email Phishing Attack (Cointelegraph) The U.K. arm of cryptocurrency exchange Coinbase settled a lawsuit with a man who lost 80 Bitcoins in an email phishing attack.

WSJ News Exclusive | Government Orders Google: Let Employees Speak Out (Wall Street Journal) Federal regulators have ordered Google to assure employees they are allowed to speak out on political and workplace issues, as part of a settlement of formal complaints that the search giant punishes those who do just that.

Google will confirm employees can discuss "workplace issues" as part of a settlement (The Verge) A complaint alleged it unfairly fired a conservative employee.

The FBI is investigating a venture capital fund started by Peter Thiel for financial misconduct (Vox) Mithril Capital raised over $1 billion on the name of Thiel, one of Silicon Valley’s biggest celebrities. Now federal investigators are looking under the hood.

Trump says he does not believe Israelis are spying on the U.S. (Reuters) U.S. President Donald Trump said on Thursday he does not believe Israel is spyin...

Pentesters arrested probing courthouse security charged as criminals (Mashable) The two men had been hired to do a security test. Apparently no one bothered to tell the police.

Edward Snowden Tells NPR: The Executive Branch 'Sort Of Hacked The Constitution' (NPR) In an interview with NPR about his memoir, Permanent Record, former NSA contractor Edward Snowden denies any cooperation with Russian intelligence and says he would return if guaranteed a fair trial.

Ukrainian man pleads guilty to hacking, wire fraud charges (Washington Post) A member of a sophisticated international hacking group that authorities say targeted businesses to steal credit and debit card records has pleaded guilty to hacking and wire fraud charges

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...

Phoenix Cybersecurity Conference (Phoenix, Arizona, USA, September 19, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Maryland Cyber Solutions Showcase (Baltimore, Maryland, USA, September 19, 2019) The Maryland Cybersecurity Solutions Showcase is the single source for businesses, government agencies and nonprofit organizations of every size in every industry to find: Information (get answers to cybersecurity...
