Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
September 26, 2019.
By the CyberWire staff
BlackBerry Cylance has released its study of a "suspected Chinese advanced persistent threat group" that's using the open-source PcShare backdoor, modified so that it is side-loaded by a legitimate NVIDIA application. Once established, the attackers run a counterfeit version of the Windows Narrator ease-of-access application ("Fake Narrator") to gain system-level access. The APT is interested in exfiltrating sensitive data, conducting reconnaissance, and moving laterally across networks. The researchers see some possible connection with the Tropic Trooper threat actor, a group that's been most active against targets in Taiwan and the Philippines, but they carefully avoid firm attribution.
Kaspersky says it's found renewed campaigns by Dtrack and the related ATMDtrack in India. Both have been associated with North Korea's Lazarus Group.
Sophos calls it "fleeceware": Android apps that offer functionality freely available elsewhere, and that hit users with large fees once a trial period expires.
Bloomberg reports that acting US Director of National Intelligence Maguire will testify before the House Intelligence Committee today concerning President Trump's conversation with Ukrainian President Zelensky.
CBS News has a summary of the compensation available under the terms of the Yahoo breach settlement. You could get as much as $100, provided not too many other people file too. You'll also need to be able to demonstrate actual harm, such as having already paid for a credit-monitoring service. You have until March 6 to object to the arrangement, and until June 20 to file a claim. May it profit you.
Bravo, Emsisoft and Kaspersky, who have released decryptors for WannaCryFake, Yatron, and FortuneCrypt ransomware.
Today's issue includes events affecting Canada, China, Czech Republic, France, European Union, India, Italy, Kazakhstan, Democratic People's Republic of Korea, Russia, Ukraine, United Kingdom, United States.
Bring your own context.
What's a guest network, and what good does it do us, Doctor?
"If you set up your router to have a guest network, it means that some of the computers that connect to this router can't see the other computers. They can go to the Internet, but they can't actually connect to other computers on your network. So even if they try to look for them or to scan for them, they won't be able to see. So if you have a device you really don't trust – maybe you bought a really cheap camera or a monitor or a sprinkler or something like that – and you really need it to connect to the cloud, but you don't want it to be hacking into your network, you would put this device on your guest network. And what happens is that every time this router gets a network packet from this guest network, it won't send it over to the host network, which is where all your sensitive stuff is hiding. It will only send it to the Internet. This is at least how it's supposed to work."
—Dr. Yossi Oren from Ben-Gurion University of the Negev, on Research Saturday, 9.21.19.
There is, of course, a lot more to be said. Listen to the whole thing.
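The forwarding policy Dr. Oren describes, as an added example that is not from the interview or the podcast: a small Python model of a router's guest-network decision, written for this page. The address ranges (192.168.1.0/24 for the host LAN, 192.168.2.0/24 for the guest LAN, with .1 as the router on each side) and the sample targets are constructed assumptions for illustration. Beyond the guest-to-host case in the quote, it also covers the cases a real "guest network" setting frequently gets wrong: the router's own admin interface, guest-to-guest traffic, and other private ranges that are not "the Internet".

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for this example (an assumption, not from the page):
# the router's "host" LAN, its guest LAN, and the router's own interface addresses.
HOST_LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST_LAN = ipaddress.ip_network("192.168.2.0/24")
ROUTER_HOST_IP = ipaddress.ip_address("192.168.1.1")
ROUTER_GUEST_IP = ipaddress.ip_address("192.168.2.1")

# The only services a guest client legitimately needs from the router itself.
GUEST_ROUTER_PORTS = {53, 67}  # DNS and DHCP


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def guest_decision(pkt: Packet, isolate_clients: bool = True) -> str:
    """Return "allow" or "drop" for one packet the router is asked to forward.

    Models the policy described in the interview: traffic from the guest
    network may go to the Internet but never to the host network.
    """
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if src not in GUEST_LAN:
        # The policy only constrains the guest side; host-LAN traffic is untouched.
        return "allow"

    if dst == ROUTER_GUEST_IP:
        # DNS and DHCP only: the admin UI must not be reachable from the guest side.
        return "allow" if pkt.dport in GUEST_ROUTER_PORTS else "drop"

    if dst in HOST_LAN or dst == ROUTER_HOST_IP:
        # The whole point of the guest network: the host LAN stays invisible,
        # including the router's host-side address.
        return "drop"

    if dst in GUEST_LAN:
        # Guest-to-guest ("client isolation") is a separate setting on most routers.
        return "drop" if isolate_clients else "allow"

    if dst.is_private or dst.is_link_local or dst.is_loopback:
        # Any other RFC 1918 or link-local range is not "the Internet" either:
        # a second VLAN or a site reachable over the router's VPN stays hidden too.
        return "drop"

    return "allow"  # a public address: this is the Internet-only path


def scan_from_guest(guest_ip: str, targets, dport: int = 445):
    """The quote's "try to scan for them", automated: which targets a guest
    host could reach on the given port under this policy."""
    return [t for t in targets if guest_decision(Packet(guest_ip, t, dport)) == "allow"]


if __name__ == "__main__":
    # Constructed sample targets: a host-LAN PC, the router's host-side address,
    # and a public resolver.
    targets = ["192.168.1.10", "192.168.1.1", "8.8.8.8"]
    print("reachable from guest:", scan_from_guest("192.168.2.50", targets))
    # Prints: reachable from guest: ['8.8.8.8']
```

scan_from_guest is the model's version of the check worth running for real: from a device joined to the guest SSID, scan the host range with a port scanner. Anything in the host network that answers, including the router's admin page on its host-side address, means the isolation is not doing what the router's settings page claims, which is the "at least how it's supposed to work" caveat in the quote.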
Is your cybersecurity program aligned with your business goals and objectives?
Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level buy-in for cyber initiatives, supports traction across business units, establishes management alignment on key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success. Learn more.
And Hacking Humans is also up. In this episode, "The usefulness of single sign on," Joe outlines online threats from social media. Dave shares a story of scammers trying to scare a community into purchasing security products. The catch of the day features a promise of riches from Facebook's Mark Zuckerberg. Our guest is Yaser Masoudnia from LogMeIn, who addresses listener questions about single sign-on.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20
New NetWire RAT Variant Being Spread Via Phishing (Fortinet) NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware sample spreading via phishing email, and during analysis we discovered that it was a new variant of NetWire RAT.
Tracking the Chameleon Spam Campaign (Trustwave) In this blog, we draw attention to a persistent high-volume spam campaign that has been very prominent in our spam traps recently. The various campaigns emanate from the same spam botnet system and often resemble phishing messages, although they are typically not. The messages have randomized headers, and the templates often change, hence the moniker ‘Chameleon.’
The campaign is similar to the "Ave-Maria" malware observed earlier (Gadget Now) This campaign is particularly dangerous because it has similarities with the “Ave-Maria” malware, which came with DLL hijacking capability that allowed it to gain elevated admin access and bypass traditional detection methods. This malware can also secretly download other plugins and malicious content.
Adobe Fixes Critical Security Vulnerabilities in ColdFusion (BleepingComputer) Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated Critical because they allow code execution and can bypass access controls. The third, also labeled critical, allows information disclosure.
Enterprises Lack Clear Security Guidance for 5G (Decipher) Enterprises need guidance on how to get ready for 5G networks, but the current fear-mongering about Huawei doesn’t give enterprises the information they need to make sure their applications are secure.
Making money from cyber security (ETF Stream) Cyber security is designed to reduce the risk of cyber attacks and protect against the exploitation of networks and technology. It’s intended to be a big part of the future, but should you be investing in it?
Sharp Questions Can Help Boards Oversee Cybersecurity (Wall Street Journal) Corporate directors say they are more informed about cybersecurity risks than they were a few years ago, but they might not be taking the right steps to verify what they hear from senior executives, according to governance experts.
The Huawei Story: An Analysis (Infosecurity Magazine) Reflecting on the ongoing dispute between the US and the Chinese telecoms company Huawei, and what the future might have in store.
Huawei's 5G Ban Will Benefit Ericsson, Nokia - But Will They Keep Up? (Wccftech) National security is a major concern on the US government’s mind as 5G networks start to mature. American carriers, especially smaller ones based in rural areas, use Huawei’s equipment extensively to provide telecommunications services to users who might not be able to stay connected otherwise. But in 5G, courtesy of the Trump administration’s hard stance, …
CyberFortess of San Antonio Lands $3 Million in Funding to Develop its Insuretech Product (SiliconHills) CyberFortess, an insuretech startup, announced Wednesday that it has received $3 million in seed-stage funding. The San Antonio-based startup, founded in 2018, plans to use the funding to hire additional employees, develop its product and launch into the Texas market early next year. Greycroft and LiveOak Venture Partners led the round. Existing investor Monte Tulum …
Belcan acquires Lagoni Engineering (Aerospace Manufacturing Magazine) Belcan, a global supplier of engineering, supply chain, technical recruiting, and IT services, has announced the acquisition of Lagoni Engineering, a London-based multi-disciplinary engineering consultancy and technical services provider focused on the energy industry. Terms of the transaction were not disclosed.
Centauri Buys Kord Technologies (WashingtonExec) In an effort to bolster its defense technology capabilities, Centauri has acquired Kord Technologies, Inc., an integrated defense and aerospace firm.
WARP is here (sorry it took so long) (The Cloudflare Blog) Today, after a longer than expected wait, we're opening WARP and WARP Plus to the general public. If you haven’t heard about it yet, WARP is a mobile app designed for everyone which uses our global network to secure all of your phone’s Internet traffic.
NIST to Finalize Privacy Framework Soon (BankInfo Security) The National Institute of Standards and Technology expects to release its much anticipated privacy framework by year’s end. It’s now accepting comments on the
NIST Releases Cybersecurity Guide for Energy Sector to Improve Operational Technology (Security Magazine) The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a laboratory environment to demonstrate how energy organizations can strengthen their operational technology (OT) asset management practices by leveraging capabilities that may already exist within their operating environment or by implementing new capabilities.
Energy is using cyber risk assessments to make cloud decisions (FedScoop) The Department of Energy has started factoring quantitative cybersecurity risk into its internal budget decisions. DOE adopted the Factor Analysis of Information Risk (FAIR) management framework and has begun initial, daily risk assessments at interested national laboratories, Emery Csulak, the department’s chief information security officer, told FedScoop. This fall, DOE plans to onboard even more …
How To Create a Modern Ransomware Security Strategy (Communal News) After sharp spikes in ransomware attacks in recent years, the total number of incidents is trending downward in 2018. But that’s not necessarily good news, because these attacks are also becoming more targeted and potentially more dangerous. Unit 42, the research arm of Palo Alto Networks, says it tracked 890,000 ransomware attacks across state and ...
'Privacy by Design': Building Better Apps (BankInfo Security) Technology companies often don't build in controls to protect privacy during the application development process, says Jason Cronk, a lawyer and privacy engineer.
Huawei 5G backdoor entry unproven (The Economic Times) The controversy surrounding the Chinese telecom giant was triggered by the US stance that Huawei should be barred from 5G network rollouts due to concerns over alleged cyber snooping.
Huawei espionage concerns reach UK (JD Supra) The UK 5G debate is emblematic of protectionist sentiments in the technology sector. Huawei and the technology cold war - ...
This time, Democrats think Trump is cornered (Times) In some curious Anglosphere danse macabre, the political and legal paths of Boris Johnson and Donald Trump seem to be moving in parallel. This week, as the prime minister was rebuked by the Supreme...
USA: Russian Hacker Admits Largest Theft of Data in History (OCCRP) A Russian hacker pleaded guilty before the US District Court in Manhattan on Monday, admitting “one of the largest thefts of customer data from a US financial institution in history,” Geoffrey S. Berman, the US Attorney for the Southern District of New York, announced.
Roger Stone Judge Won’t Let Defense Tie Case to Russian Hackers (Bloomberg) Roger Stone was charged as part of the investigation of Russian interference with the 2016 U.S. presidential election, but jurors at his November trial won’t hear much about that probe after a federal judge barred his lawyers from basing their defense on what it failed to conclusively prove.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Little Rock Cybersecurity Conference (Little Rock, Arkansas, USA, September 26, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Security Leaders Summit Boston (Boston, Massachusetts, USA, September 26, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
Securing Elections – Global Lessons Learned (Washington, DC, USA, September 26, 2019) A forum on securing elections featuring global experts on policy and operations from the public and private sectors. The discussion will address risks, vulnerabilities, best practices and what needs to...
Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.