skip navigation

More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

In two apparently unrelated incidents, Rheinmetall and Defence Construction Canada sustained attacks on their IT infrastructure. In Rheinmetall's case the attack, whose precise nature the company didn't specify, disrupted automotive production in Brazil, Mexico, and the US. Defence Construction Canada has been able to maintain operations in the face of what the Ottawa Sun reports may have been a ransomware attack.

SRLabs says it's developed a way of determining whether devices are vulnerable to SimJacker and similar exploits.

Police in the German Land of Rhein-Pfalz have raided and shutdown a bulletproof-hosting data center in Traben-Trarbach, the AP reports. The action crossed both Land and international boundaries, with arrests near Frankfurt and other police action in the Netherlands, Luxembourg, and Poland. The data center, located in a surplus NATO facility acquired by a Dutch national in 2013, is thought to have been involved in both contraband markets and in the 2016 distributed denial-of-service attack on Deutsche Telekom.

Gnosticplayers may be back. Online game company Zynga disclosed a breach on September 12th, and now the Hacker News says that Gnosticplayers (a nom de hack) claims he (she? they?) has counted coup against Zynga, gaining access to some 218 million Words with Friends accounts. Gnosticplayers is neither a greyhat nor a gadfly. Earlier this year he gained notoriety for offering 747 million records culled from twenty-four popular sites.

A snail-mail letter purporting to be from Her Majesty's household asks recipients to help Queen Elizabeth save Britain's economy from Brexit (with Bitcoin, of course).

Notes.

Today's issue includes events affecting Bangladesh, Brazil, Canada, China, Germany, Iran, Ireland, Lebanon, Mexico, Netherlands, New Zealand, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, and Vietnam.

Bring your own context.

Establishing a foothold in a network is usually valuable because that foothold enables lateral movement.

"With lateral movement, that's when you establish a single system as your - kind of your starting base, your foothold. And then, you know, based from there, you take whatever you can get off of that machine that helps you move to other systems on the network. And, you know, it's kind of the initial starting point for an attacker. But ultimately, they have some objective, whether it be intellectual property, or customer data or financial motivations. That's kind of the ground zero. And lateral movement allows them to, you know, move to other systems that gets them access to that data."

—Tim Keeler, CEO and founder of Remediant, on the CyberWire Daily Podcast, 9.26.19.

It's not so much where they are that's valuable, but where they can get from there.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Accenture Labs, as Malek Ben Salem provides an overview of five threat factors influencing the cyber security landscape.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Hackers break into Lebanese Ministry of Finance website (Arab News) A hacker group claimed it had hacked the Lebanese Ministry of Finance’s website for about an hour on Friday afternoon. The Anonymous—LEB group, which said it had carried out the attack, addressed the Ministry through a post on its Facebook page saying: “Dear Lebanese Government: If you think we forget, you are mistaken !!! We have all ministry of finance data, to be leaked soon! WE DON’T LEAVE OUR PEOPLE

Malicious sites pushed via Google Alerts (SC Magazine) Cyber-criminals have found a way to use Google Alerts to hook victims into scams or push malware.

Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data (The Hacker News) A Pakistani hacker stole over 218 million 'Words With Friends' Zynga mobile gamer users account data.

New SIM Card Attacks: Both Android And iOS Impacted—Are You Vulnerable? (Forbes) SIM-based spyware attacks can target phones with invisible SMS messages. And all brands are vulnerable—including Androids and iPhones.

New SIM card attack disclosed, similar to Simjacker (ZDNet) There's now an app to test your phone's SIM card for both Simjacker and WIBattack

Researchers Think They Know How Many Phones Are Vulnerable to 'SIMjacker' Attacks (Vice) They also created a tool to determine whether your phone's SIM card is vulnerable.

New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips (ZDNet) New jailbreak will work on iPhones 4S up to iPhone 8 and X.

Got a pre-A12 iPhone? Love jailbreaks? Happy Friday! 'Unpatchable tethered Boot ROM exploit' released (Register) Coder claims iThings older than two years can be unlocked from Apple's clutches

Cyber-Attacks Hit Defense Contractors in Europe and North America (BleepingComputer) Defense contractors Rheinmetall AG and Defence Construction Canada (DCC) were hit this month by cyber-attacks that impacted and disrupted their information technology systems.

Defence Construction Canada hit by cyber attack – corporation's team trying to restore full IT capability (Ottawa Citizen) The Crown Corporation that manages Defence department projects and infrastructure has been hit with a cyber-attack.Industry sources say an attack earlier this month disrupted Defence Construction C…

Scammers Find More Opportunities on Internet Marketplaces (Wall Street Journal) A new study of consumer behavior found that scammers are far more likely to succeed in stealing money from potential targets by using websites and social media than through the phone calls and emails they have long used.

Dating app suffers data leak exposing its entire userbase (Includes interview) (Digital Journal) Online dating app Heyyo left a server exposed on the Internet without a password. This leaky server, an Elasticsearch instance, exposed the personal details belonging to nearly 72,000 users. Eve Maler of ForgeRock weighs in.

TikTok censored talk of Northern Ireland ‘independence’ (Times) The social network TikTok banned “highly controversial” topics such as “inciting the independence of Northern Ireland”. This is understood to be a clunky reference to users discussing the prospect...

The 'Queen' Begins Bitcoin Phishing to Save the UK Economy (BeInCrypto) An unknown attacker is mailing out letters claiming to be from Buckingham Palace, trying to scam people out of their Bitcoin investments.

North Florida OB-GYN patient information may have been breached (WJXT) Patients of North Florida OB-GYN may have had their personal information breached via a virus cyberattack at the medical office earlier this year.

How an Irish hurling fan out-scammed a scammer (The Irish Times) ‘Solomon Gundi’ thought he was on to a good thing when he emailed a 22-year-old Limerick student

Shoppers stunned as pornography plays on large TV screen for hours (The Independent) Explicit videos broadcast from large screen on busy street for two hours until staff retake control from hackers

Woodstock cyber attack continues, affects other city institutions (Woodstock Sentinel Review) Networks and email are still down at the City of Woodstock as the administration continues to fight a cyber attack that began Saturday.

Governments, schools under cyber attack (Rockford Register Star) The latest trend in cybercrime targets cities, counties and schools nationwide, including Rockford Public Schools

Security Patches, Mitigations, and Software Updates

Apple users, patch now! The ‘bug that got away’ has been fixed (Naked Security) Apple has now patched the patch that Google said didn’t patch the hole it was supposed to.

Linux to get kernel 'lockdown' feature (ZDNet) New Linux kernel "lockdown" module to limit high-privileged users -- even root -- from tampering with some kernel functionality.

Cloudflare now supports HTTP/3 (Help Net Security) Cloudflare announced support for HTTP/3, the new standard of the web that will make the Internet faster, more secure, and more reliable, for everyone.

Cyber Trends

Many organizations are careless with sensitive paper documents. It's increasing the risk of data breaches (FierceHealthcare) It doesn't take the stealth of a cyberattacker to cause a healthcare data breach. Typical workplace occurrences like leaving a sensitive document on a printer tray also can lead to data breaches. And in healthcare organizations, it happens more than you think.

Vietnam world’s third largest source of DDoS cyberattacks: report (VnExpress International – Latest news, business, travel and analysis from Vietnam) The number of DDoS attacks coming from devices in Vietnam was the world’s third highest in the second quarter of 2019, after the U.S. and China.

Marketplace

New Cybersecurity Companies Have Their Heads In The Cloud (Forbes) Privacy has become a big deal. Government regulators are moving to squash indiscretions and protect consumers while preserving constitutional liberties … a tall task.

Google boss Sundar Pichai exclusive interview: ‘We’re sticking with our motto – ‘Don’t be evil’ (The Telegraph) Google's global headquarters has the uncanny feel of a carnival.

Spyware company introduces unprecedented human rights policy (The Varsity) U of T’s Citizen Lab researcher likens NSO Group’s reforms to “tokenism”

USCYBERCOM awards mission-critical Cloud contract to Stratus Solutions (Army Technology) The US Cyber Command (USCYBERCOM) has awarded a mission-critical cloud contract to Applied Insight’s subsidiary Stratus Solutions to deliver secure...

BIO-key Receives Nasdaq Notification Regarding $1.00 Minimum Closing Bid Price Requirement - Has 180 Days to Regain Compliance (West) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced it has received a continued listing deficiency notice from The Nasdaq Stock Market LLC because its share price has not met the $1.00 minimum closing bid price requirement for 30 consecutive trading days - Nasdaq Listing Rule 5550(a)(2) and 5810(c)(3)(A). This notice has no immediate effect on the Company’s Nasdaq listing or the trading of its common stock.

VMware and Carbon Black Announce Extension of Tender Offer (West) VMware, Inc. (NYSE: VMW) and Carbon Black, Inc. (NASDAQ: CBLK) have announced that VMware has extended the offering period of its previously announced cash tender offer to purchase all of the outstanding shares of common stock (the “Shares”), of Carbon Black for a price of $26 per share (the “Tender Offer”).

Products, Services, and Solutions

Nerds CyberSecurity Team Thwarts Full Scale Attack for Multi-National Client (Yahoo) Nerds On Site Inc. ("NERDS" or the "Company") (NERD.CN) (3NS.F) (NOSUF), a mobile IT solutions company servicing the SME marketplace, provides an update on its cyber security services deployment. "NERDS has committed significant resources toward

Tripwire unveils new version of Tripwire Connect (Help Net Security) Tripwire, a global provider of security and compliance solutions for enterprises and industrial orgs, announced the next generation of Tripwire Connect.

Technologies, Techniques, and Standards

How FIs Can Win Escalating Cybersecurity Battle (PYMNTS.com) Samuel S. Visner, director of National Cybersecurity FFRDC, tells PYMNTS how FIs and others can wage effective battle against cyberattacks by nation-states.

Zink: Cybersecurity — what to do if your business is attacked (Gainesville Sun) What would you do if your technology systems were hacked, shut down with ransomware or infected with tech time bombs set to go off in the future?

Don’t feed the phish (Education Executive) Cyber-attacks pose a big threat to schools and many have already been targeted. Matt Britland, director of IT and digital strategy at Alleyn’s School in London, explains the importance of ensuring staff and students can identify phishing emails

Design and Innovation

Ahead of 2020, Facebook Falls Short on Plan to Share Data on Disinformation (New York Times) The social network says it has struggled to get the information to researchers because it also wants to protect its users’ privacy.

Pi-hole drops support for ad blocklists used by browser-based ad-blockers (ZDNet) The ad-blocking landscape is in line for some standardization, starting with the blocklists' synthax.

Research and Development

DoE to develop next-generation cybersecurity tools for utilities (Smart Energy International) The DoE, Idaho National Laboratory and New Context have extended their collaboration on research and development of next-generation cybersecurity tools.

This Single Tweet Sent the Cryptocurrency Space Into a Fake News Frenzy (BeInCrypto) A Tweet made about the NSA developing 'quantum resistant crypto' turned into fake news about NASA creating its own cryptocurrency.

Academia

NSA, DHS recognize Germanna’s cyber defense education (Fredericksburg.com) NSA and DHS name Germanna Community College a National Center of Academic Excellence in Cyber Defense Education, one of Virginia’s relatively few such institutions.

Legislation, Policy, and Regulation

An Overview of International Humanitarian Law in France's New Cyber Document (Just Security) France's positions explained on key issues like the meaning of "attack" and the application of the principles of distinction and proportionality in cyberspace.

Iran oil industry must be alert to physical, cyber threats: minister (Reuters) Iran's oil minister told the petroleum industry on Sunday to be on alert to...

Saudi crown prince warns of escalation with Iran, prefers political solution (Reuters) Saudi Arabia's crown prince warned in an interview broadcast on Sunday that...

The U.S.-Iran Standoff Is Militarizing Cyberspace  (Foreign Policy) Trump is keen on cyberattacks to retaliate against Tehran, but that could open Pandora’s box.

America Needs a New Strategic Triad to Face the 21st Century (Time) An emerging triad was illustrated by the drone strikes on key Saudi oil fields

Russia starts rolling out DPI filtration tech that might finally block Telegram (Meduza) Russia’s federal censor has started testing new digital filtration equipment that could finally make it possible to block access to the instant messenger Telegram.

Norway will not ban Huawei from 5G mobile network: minister (Reuters) Norway does not plan to block China's Huawei Technologies[HWT.UL] from buil...

No more 90-day reprieves for Huawei's U.S. supply chain warns Trump administration official (Phone Arena) A member of the Trump administration says that the current 90-day reprieve granted to some of Huawei's U.S. suppliers will probably be the last when the three month period expires in November.

U.S. Steps Up Scrutiny of Airplane Cybersecurity (Wall Street Journal) Concerns that planes could be targeted in cyberattacks are re-energizing efforts to identify airliners’ vulnerability to hacking.

US Senate Passes Bill in Response to Rampant Ransomware, CyberAttacks (BleepingComputer) The U.S. Senate passed the 'DHS Cyber Hunt and Incident Response Teams Act' (S.315) to authorize the Department of Homeland Security (DHS) to maintain cyber hunt and incident response teams to help private and public entities defend against cyber-attacks.

6 Cyber Bills You Might Have Missed (Nextgov.com) The bills aim to strengthen the Homeland Security Department’s cybersecurity efforts and help the energy sector improve its digital defenses.

The Strange Career of ‘National Security’ (The Atlantic) When the two-word phrase became a national obsession, it turned everything from trade rules to dating apps into a potential threat to the United States.

CyberPeace Institute to Support Victims Harmed by Escalating Conflicts in Cyberspace (STL.News) CyberPeace Institute to Support Victims Harmed by Escalating Conflicts in Cyberspace • STL.News

Air Force steps up efforts to combat insider threats (WHIO) The Air Force is stepping up its efforts to deter, detect and mitigate insider threats. An

This is the Navy’s new top cybersecurity official (Fifth Domain) The Navy has tapped a former senior adviser to the Defense Department’s chief information officer as its new CIO.

Michigan’s volunteer cyber corps expands despite critical audit report (Spartan Newsroom) Cyber security requires constant updates and reviews, experts say — and a group of Michigan volunteers that responds to attacks on government databases just got one of its own.

Litigation, Investigation, and Law Enforcement

Stunned authorities find dozens of encrypted computers in alleged spy's home (CBC) The RCMP intelligence director who now stands accused of preparing to leak secrets to a foreign entity or terrorist group kept a large number of encrypted computers at his home, making the investigation harder to crack, CBC News has learned.

Bulletproof Hosting Service in Former NATO Bunker Goes Down (BleepingComputer) Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground.

German Police Raid Data Center and Alleged Cybercrime Hub Based Out of Former NATO Bunker (Gizmodo) German authorities raided a data center based out of “former NATO bunker that hosted sites dealing in drugs and other illegal activities,” the Associated Press reported on Friday, resulting in seven arrests.

Google Draws House Antitrust Scrutiny of Internet Protocol (Wall Street Journal) Antitrust investigators are scrutinizing plans by Google to use a new internet protocol in a way that some say could make it harder for other companies to access consumer data.

Google reportedly under antitrust scrutiny for new internet encryption protocol (CNET) New standard aims to improve security and privacy by encrypting internet traffic.

Police can access suspects’ Facebook and WhatsApp messages in deal with US (Times) WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the...

Baltimore IT department uses ‘mind-boggling,' outdated data storage method, audit finds (Baltimore Sun) A new audit of Baltimore’s information technology department says the agency lost key data during May’s ransomware attack because some in the agency used an outdated method for storing files: their individual hard drives.

State Dept. Investigating Email Practices of Hillary Clinton’s Former Staff (New York Times) The inquiry is examining whether the employees used secure channels and the proper classification designations for what appeared to be routine emails at the time.

Why Trump asked Ukraine’s president about ‘CrowdStrike’ (Washington Post) Why Trump asked Ukraine’s president about ‘CrowdStrike’

Trump whistleblower agrees to testify in Congress (Times) The whistleblower whose complaint over a White House phone call triggered impeachment proceedings against President Trump has agreed to testify to Congress, the Democrat leading the inquiry said...

Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ (New York Times) Thomas P. Bossert, President Trump’s first homeland security adviser, said he was “deeply disturbed” that Mr. Trump had urged Ukraine to investigate Democrats.

Whistleblower painstakingly gathered material and almost single-handedly set impeachment in motion (Washington Post) Trump said the whistleblower is “almost a spy.” Others said, “He’ll be remembered as a truth-seeker.”

Ukraine Holds More Surprises for Biden (Bloomberg) He’ll face questions about a lot more than what Trump has already brought up.

Solomon: These once-secret memos cast doubt on Joe Biden's Ukraine story (TheHill) Hundreds of pages of never-released memos and documents – many from inside the American team helping Burisma to stave off its legal troubles – conflict with Joe Biden’s narrative about the controversy in Ukraine.

Senate Democrats Face Questions After Letter Resurfaces of Them Asking Ukraine to Investigate Trump in 2018 (IJR) The Democratic senators who sent a letter to the Ukranian prosecutor general asking them to investigate President Donald Trump are facing some questions.

Ex-Trump Homeland Security adviser rips Giuliani, calls claim Ukraine hacked DNC a 'conspiracy theory' (TheHill) A former Homeland Security adviser in the Trump administration said Sunday that the unsubstantiated claim that Ukraine was responsible for the hack of the Democratic National Committee (DNC) in 2016 is a "conspiracy theory" with "no validity."

Matt Drudge played a major role in the Clinton impeachment. Now he’s back for another round. (Washington Post) The Drudge Report has been generally supportive of conservatives and Trump but has been playing up impeachment news in recent days.

Ocasio-Cortez Set to Testify in Lawsuit Challenging Blocking of Twitter Follower (New York Law Journal) U.S. Rep. Alexandria Ocasio-Cortez, D-New York, was sued over the management of her @AOC Twitter account the same day that the 2nd U.S. Circuit Court of Appeals affirmed a trial judge's ruling that President Donald Trump violated the First Amendment by blocking people from his @realDonaldTrump Twitter account.

Match knowingly puts people at risk from scammers, FTC charges (Naked Security) Match.com allegedly put users on its free version at risk – by not filtering out communications that it knew were from fake accounts.

Most victims still not reporting cyber crimes: survey (The Daily Star) Though a year has gone by since the Digital Security Act was passed in the parliament, 80 percent of cyber crime victims do not report the cases to law enforcement agencies, according to a recent survey conducted by Cyber Crime Awareness Foundation.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.

Defend Your Organization: Cybersecurity in Manufacturing Conference (Boston, Massachusetts, USA, October 1 - 2, 2019) The manufacturing industry is one of the most heavily targeted industries for cyberattacks. As manufacturers undertake digital transformations, vulnerability to attacks increase. Hear from expert speakers...

SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.