September 25, 2019.
By the CyberWire staff
Fancy Bear returns, resuming its use of the Zebrocy toolkit against a familiar range of targets, for the most part embassies and foreign ministries in Eastern Europe and the Middle East. ESET, which says the renewed activity dates to late August, also notes that Zebrocy's suite of downloaders, droppers, and backdoors has shown some evolution into marginally more effective forms. Fancy Bear is also known as Sednit, Sofacy, Group 74, Strontium, and APT28, but Russia's GRU military intelligence service is always the man behind the curtain.
The University of Toronto's Citizen Lab describes a campaign directed against Tibetan diaspora groups by a threat actor the Lab calls "Poison Carp." A successor to Ghostnet, the campaign has used a suite of Android and iOS exploits; its typical infection vector was social engineering. Reuters observes that this appears to be the same threat actor that has been active against China's predominantly Muslim Uighur minority.
An anonymous researcher has published a zero-day affecting the widely used vBulletin web forum software. ZDNet says the vulnerability is a pre-authentication remote code execution bug. It’s unclear whether the posting was done with malign intent or simply amounted to a bungled disclosure.
Few will be surprised to hear that the GandCrab gang has returned from retirement. SecureWorks reports that the group has reassembled itself, and is responsible for attacks using REvil ransomware (also known as Sodinokibi).
Iovation predicts insurance fraud committed over mobile devices will include "Application," "Bad Debt," "Ghost Broking," "Account Takeover," "Claim," and "Contact Center."
Today's issue includes events affecting Australia, Canada, China, Ecuador, Russia, South Africa, Turkey, United Kingdom, United Nations, United States.
Bring your own context.
Why smart TVs raise consumers' hackles.
"But that's the kind of thing I'm talking about. You know, if it stays within the company and they're just trying to make the service better, that's fine. But if they're selling my data and profiting from me, I want that to come back in some way."
—Joe Carrigan, of the Johns Hopkins University's Information Security Institute, on the CyberWire Daily Podcast, 9.23.19.
Service improvement is one thing, but making the consumer the product is another. To be sure, everyone gets that businesses need to advertise, and that advertising has to be profitable, but selling personal data seems...sorry, personal.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20
Russian APT Ecosystem Map (Check Point | Intezer) The Russian APT map is a web-based, interactive map that shows the different families and actors that are part of the Russian APT ecosystem, as well as the connections between them.
Control system cyber security organizations are still not focusing on what is most important – the process (Control Global) For industrial and manufacturing companies, organizations such as credit rating agencies and insurance companies are concerned about the risk to the enterprise not just the networks. The OT security community needs to recognize the most important risks to the organization are the process not the networks. This will require changing the governance model to require teaming with engineering and security with engineering taking the lead.
Northshore School District hit by significant cyber attack (KOMO) A cyberattack has crippled some of the systems in the Northshore School District, which covers Bothell, Woodinville and Kenmore. The district is calling this a "significant" attack that's taken out some phones and all voice mail servers, but adds there's no evidence that student or staff information has been compromised. In addition to the phones, the food service payment system took a hit.
Security Patches, Mitigations, and Software Updates
Microsoft Released Out-of-Band Security Updates (Qualys Blog) Microsoft released an out-of-band update yesterday that fixes two critical vulnerabilities – The Internet Explorer remote code execution vulnerability (CVE-2019-1367) and Microsoft Defender Denial of…
The Evolving Roles and Responsibilities of CISOs (CIOReview) The Evolving Roles and Responsibilities of CISOs By James Shira, Network & US Chief Information & Technology Officer, PWC - In order to address these new threats while maintaining operations, growing the business, executing the mission, and...
ESET: 91% of Russians Prefer Pirated Content Over Legal (TorrentFreak) If the results of a survey carried out by ESET are any indicator, Russia faces an uphill battle to combat piracy. The security company reports that just 9% of those surveyed prefer exclusively legal content over pirated, with 75% citing high prices as a reason to use illegal sources.
Mimecast Announces Integration with Rapid7 (West) Mimecast’s Integration with Rapid7’s SOAR Solution, InsightConnect, is Engineered to Enable Security Teams to Respond to Incidents Faster, Helping to Strengthen Cyber Resilience
Facebook promises not to stop politicians’ lies & hate (TechCrunch) Facebook confirms it won’t fact check politicians’ speech or block their content if it’s newsworthy even if it violates the site’s hate-speech rules or other policies. This cementing of its policy comes from Facebook’s head of global policy and communication Nick Clegg…
‘But who’s in charge’ is the question for feds in cybersecurity (Fifth Domain) Government officials consistently argue that no single agency could take responsibility for the cybersecurity of the federal government. But a Wisconsin senator recently pushed officials to answer the question of who takes the lead for information security.
Every Sailor a Cyber Warrior (CIMSEC) Every Marine a rifleman. This mantra resonates with the nation and highlights a fundamental fact about the USMC – no matter what a Marine’s primary job is, they are expected to be able to pick up a weapon and fight.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
GlobalPlatform Technical Workshop (Shenzhen, China, September 24 - 25, 2019) GlobalPlatform is hosting two free-to-attend workshops in Shenzhen, China on 24th and 25th September. Both workshops will focus on device security and the deployment and use of secure devices. The agendas...
2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...
SecureWorld New York (New York, New York, USA, September 25, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Little Rock Cybersecurity Conference (Little Rock, Arkansas, USA, September 26, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...