February 7, 2020.
By the CyberWire staff
Malaysia CERT (MyCERT) has issued an advisory warning that a cyber espionage campaign has been conducted against government officials in that country. They don’t specifically call out the parties responsible, but sources listed among their references suggest that it’s APT40. APT40 is generally believed, as ZDNet notes, to be a group of contractors working for the Hainan department of the Chinese Ministry of State Security.
Two more Japanese defense contractors have joined Mitsubishi Electric and NEC in delayed disclosure that they were breached by Chinese threat actors, BleepingComputer reports. Pasco Corporation was hit in May 2018; Kobe Steel was compromised in June of 2015 and again in August 2016.
A Bluetooth flaw leaves Android devices vulnerable: an attacker could compromise a device without user interaction, according to the Register, which recommends avoiding Bluetooth with Android until the flaw is patched.
VPNPro, Trend Micro, and Cofense have found malicious Android apps in Google Play. Those identified by Trend Micro are interesting in that they post their own positive reviews the better to attract downloads. VPNPro links the bad apps it found to Shenzhen HAWK Internet Co., a Chinese firm that told Forbes the whole thing is a misunderstanding.
Tom Perez, chair of the Democratic National Committee, tweeted that the Iowa Democratic Party should recanvass because of problems with the ways Monday’s caucus results were tabulated. The Des Moines Register reports that Iowa party officials now blame a last-minute security patch the DNC demanded for the problems the IowaReportingApp experienced this week.
Today's issue includes events affecting Brazil, China, European Union, Iran, Japan, Malaysia, Russia, Saudi Arabia, United States.
Bring your own context.
Why it's important to warn people when Emotet raises its head.
"Well, so what we saw in this particular campaign was basically a compromise with some government and military customers. And then, you know, as usual, Emotet will use those accounts to move laterally within organizations. And because these were government and military, it's moving inside of government and military. And obviously, when you see that type of thing, it's very concerning because generally speaking, if people see emails from sources that they consider internal, they're much more likely to trust them. And that's why we needed to make sure the word got out that there are malicious actors using these relationships for nefarious purposes."
—Craig Williams, director of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 2.5.20.
Emotet is better than most attack tools at looking legit.
ON THE PODCAST
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CynergisTek, as Caleb Barlow offers more insights on hospitals and ransomware, this time from the patient’s perspective. Our guest is Matt Cauthorn from ExtraHop, comparing cloud platforms’ similarities and differences.
Cyber or Cleared Job Fair, February 13, San Antonio. (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Join us at this upcoming cybersecurity event in Loudoun, VA with a full lineup of industry experts, speakers and federal contractors presenting on cutting-edge topics in the domain of cyber. This event is FREE for everyone! Register today!
The Human Hacking Conference (Orlando, Florida, USA, February 20 - 22, 2020) The Human Hacking Conference is an all-encompassing event that teaches business, security, technology, and psychology professionals the latest expert techniques in human deception, body language analysis, cognitive agility, intelligence research, and security best practices.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Malicious apps now post their own positive reviews on Google Play (SC Magazine) The assault on Google’s Play Store continues with 30 malicious apps being revealed that have been downloaded hundreds of millions of times and have capabilities that have caused security firms to suggest end users take extraordinary steps to vet software prior to downloading.
Ransomware Exploits GIGABYTE Driver to Kill AV Processes (BleepingComputer) The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software.
The Heartbleed Bug: How a Forgotten Bounds Check Broke the Internet (Netsparker) The Heartbleed bug is a critical buffer over-read flaw in several versions of the OpenSSL library that can reveal unencrypted information from the system memory of a server or client running a vulnerable version of OpenSSL. Attacks can reveal highly sensitive data, such as login credentials, TLS private keys, and personal information. This article looks at one of the most serious and widespread security vulnerabilities in web history and shows how just one buggy line of code could wreak havoc across the world.
NSS Labs quietly acquired by private equity firm (SearchSecurity) After several tumultuous years, product testing firm NSS Labs was acquired by Consecutive, Inc., a private equity firm based in San Francisco. The acquisition was made last October but neither company publicly announced the deal.
IntelliWare Acquired by Trowbridge & Trowbridge (Homeland Security Today) Trowbridge & Trowbridge, a provider of technical solutions to complex federal information technology challenges in the defense and civilian markets, has acquired IntelliWare Systems.
SAIC to buy Unisys Federal (InsideDefense.com) Science Applications International Corp. said today it has agreed to acquire Unisys Federal in a $1.2 billion deal.
Gula Tech Adventures Announces First Ever CyberQuest 2020 (Yahoo) Gula Tech Adventures announced its first ever cyber pitch competition today—CyberQuest 2020. The competition supports the next generation of cyber technology, strategy and policy entrepreneurs by investing in startups of all sizes, with a focus on pre-series A. The winner will receive a $150,000 investment
5G could bring new speed to military operations (C4ISRNET) If the U.S. military introduced a fifth generation network into its C4ISR systems, decision-making in high profile military operations would improve because critical information would arrive faster, according to a Jan. 31 Congressional Research Service report.
Is India Betting Big on Huawei? (Foreign Policy) A divided domestic telecoms industry, disagreement within the central government, and a desire for India to develop its own systems have made the country’s calculations…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Techno Security & Digital Forensics Conference (San Diego, California, USA, March 9 - 11, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private...
Techno Security & Digital Forensics Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private...
Securing Federal Identity 2020 (Arlington, Virginia, USA, June 22 - 23, 2020) This highly focused, high-energy event will feature federal government identity and security policy issues and technology developments for today’s federal agencies and federal market security leaders.
2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Our 3rd Annual NOVA CyCon event in Loudoun has a full lineup of cybersecurity experts, speakers and federal contractors presenting on cutting-edge topics! Networking, free lunch and refreshments, door...