September 18, 2019.
By the CyberWire staff
Symantec researchers report a previously undocumented threat actor, "Tortoiseshell," conducting what appears to be an espionage sweep through the IT supply chain. Tortoiseshell is unusual in that its tools are for the most part custom-built. The researchers have found the Poison Frog variant of the Bondupdater backdoor used by OilRig (a.k.a. HelixKitten), but this doesn't offer much help in attribution: those tools had been leaked to the world in April.
The Simjacker vulnerability AdaptiveMobile described last week may prove more difficult to exploit than had been thought. A number of researchers tell Computing that the vulnerability lies in a legacy feature of SIMs that most mobile carriers no longer use.
RCMP Commissioner Brenda Lucki describes the arrest of Cameron Ortis under the Information Security Act as "unsettling," and points to a joint investigation with the FBI as suggesting that the Mounties had a rogue insider, City News reports. Other than asking people not to judge the RCMP as a whole on the basis of Mr. Ortis's alleged misconduct, she had little to add to the story.
As Edward Snowden continues his book tour, the US Department of Justice has filed a civil lawsuit against the author and sometime NSA contractor. Justice isn't interested in stopping publication of the book, or in altering its contents. Instead, the Government wants whatever money Mr. Snowden makes on sales of Permanent Record. The principle is that someone shouldn't be able to profit from violating a proper non-disclosure agreement like the one Mr. Snowden had with NSA.
Today's issue includes events affecting Austria, Canada, China, Germany, Iran, Israel, Poland, Russia, Saudi Arabia, Singapore, Switzerland, United Nations, United States.
Bring your own context.
Tell us about HTTPS.
"It's the magical green safe icon we've been conditioned to trust, but it's actually turning out that the trust shouldn't be implicit. And we know that the green icon means that our data is safe in motion. We can all agree on that. If you have your browser and that green safe is up there or your green bar - or the black safe, if you're using Chrome - that means that your browser has negotiated a TLS protocol with the web server, and intruders or attackers or adversaries that are sitting between you and that web site can't see your data. But what we don't take into account is what happens when it gets to the destination, and what we're seeing is a trend in attackers that are not only using the approach to take a domain name or company name and change the 1 to an L or changing an O to a 0, but they're also putting in SSL certificates, so that really gives users a little bit of more trust in that site because we condition them. Hey, if it's a green safe, you're OK."
—Justin Harvey, Global Incident Response Leader at Accenture, on the CyberWire Daily Podcast, 9.16.19.
Thus, I'm not necessarily OK; you're not necessarily OK.
Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20
Siemens SINEMA Remote Connect Server (CISA)
1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely
Equipment: SINEMA Remote Connect Server
Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Information Exposure, Cross-Site Request Forgery, Use of Password Hash with Insufficient Computational Effort
Honeywell Performance IP Cameras and Performance NVRs (CISA)
1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: Performance IP Cameras and Performance NVRs
Vulnerability: Information Exposure
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to view device configuration information.
Mimecast aims to capitalise on Symantec sale and grab customers (ITWire) Email security provider Mimecast has gone in hard in a bid to capitalise on the proposed sale of Symantec's enterprise division to Broadcom, offering customers of Symantec's MessageLabs email security cloud free email security risk assessments and other discounts.
CynergisTek Continues Growth of Security and Privacy Leadership Team (Yahoo) CynergisTek, Inc. (NYSE AMERICAN: CTEK), a leader in information security, privacy, and compliance, today announced that it has appointed Benjamin Denkers as its Senior Vice President of Security and Privacy Services. In this position, Denkers will be responsible for the delivery of consulting, managed
Capsule8 Protect Earns HIPAA Compliance Certification (Capsule8) Capsule8’s Comprehensive Linux Protection Platform Exceeds Standards for Access, Intrusion Detection and Prevention Systems, and File Integrity Monitoring Requirements NEW YORK, New York – September 17, 2019 – Capsule8 today …
U.S. Coast Guard Flexes Cyber Muscles (Wall Street Journal) The Coast Guard might be the smallest of the nation’s armed forces, but when it comes to cybersecurity, it believes it can punch above its weight.
What startup CSOs can learn from three enterprise security experts (TechCrunch) How do you keep your startup secure? That’s the big question we explored at TC Sessions: Enterprise earlier this month. No matter the size, every startup is an enterprise. Every startup will grow in size as it builds out. But as a company expands, that rapid growth can lead to a distraction …
Elections Canada confident in security measures ahead of federal election (iPolitics) Elections Canada is confident in the security of the 2019 federal election despite recent cases of foreign interference in elections in countries like the U.S., Canada’s elections administrator said Tuesday. Speaking to reporters at a press conference in Ottawa, chief electoral officer Stéphane Perrault said he’s confident in the security measures the elections agency he …
Self-Help in Cyberspace: A Path Forward (Lawfare) The United States should prudently explore acceptable domestic parameters for the practice of combating cyber threats in the private sector and engage other nations to harmonize these standards internationally.
Life After Snowden: US Still Lacks Whistleblowing Rules (BankInfo Security) Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
United States Files Civil Lawsuit Against Edward Snowden (US Department of Justice) The United States today filed a lawsuit against Edward Snowden, a former employee of the Central Intelligence Agency (CIA) and contractor for the National Security Agency (NSA), who published a book entitled Permanent Record in violation of the non-disclosure agreements he signed with both CIA and NSA.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
7th Annual Cyber Resilience Summit (Arlington, Virginia, USA, October 16, 2019) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...
ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...
PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...
SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...
2nd Annual National Cybersecurity Summit (National Harbor, Maryland, USA, September 18 - 20, 2019) The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) will bring together critical infrastructure stakeholders from around the world to a forum with presentations...
Phoenix Cybersecurity Conference (Phoenix, Arizona, USA, September 19, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...