February 10, 2020.
By the CyberWire staff
Kaspersky Lab warns that North Korea’s Lazarus Group, APT38, has recently grown subtler and more evasive, showing greater facility at misdirection. Increased sophistication has followed the group’s Operation AppleJeus, the Lazarus Group’s first sustained effort against macOS targets, but it's also evident in operations against Windows systems. The Lazarus Group has recently been active against the cryptocurrency sector. Most of its victims, chosen opportunistically, have been in the UK, Poland, Russia, and China. Recorded Future describes how Pyongyang has adapted the Internet into a tool for rogue regimes.
The NetBlocks Internet Observatory reported Saturday that Iran sustained a large distributed denial-of-service attack. The Financial Tribune quotes authorities as saying that they successfully parried the attack, and that they were unable to attribute the incident to any nation-state actor. Forbes writes that 25% of Iran’s Internet became unavailable after Iran activated its “Digital Fortress” defenses, which impose their own penalty on connectivity.
Nevada Democratic Party officials told the Nevada Independent Thursday that Iowa's unfortunate caucus experience last week led them to decide against using mobile applications for their caucus. But that may not be entirely the case: Saturday the Nevada Independent also reported that precinct leaders were receiving iPads with a preloaded tool they would use to assist them with their “viability calculations.” The Wall Street Journal isn’t particularly optimistic about Nevada Democrats' preparations, describing them as "cobbled together."
Haaretz reports that Israel's Likud Party's unsecured Elector app uploaded and leaked "names, identification numbers and addresses" of more than six million voters.
Today's issue includes events affecting Australia, China, France, Ghana, Iran, Ireland, Israel, Republic of Korea, Democratic People's Republic of Korea, Poland, Russia, United Kingdom, United States.
Bring your own context.
More advice on informed skepticism with respect to phishing.
"Well, this falls back to just - don't open untrusted email attachments, right? And if you are on a thread and all of a sudden, an attachment appears, even if the thread appears to be legitimate and even if the reply doesn't seem that unusual, you should probably just pick up the phone and make sure that the person sending it intended to send it, especially if it hasn't come up in the thread before. Now, obviously, if someone says, hey; on Thursday, I'm going to send you that email, then it's probably OK. But alternatively, if you have a thread that's existed for a while, that's been basically abandoned and then all of a sudden, someone replies to it with an attachment and maybe a couple of really generic statements that don't make a lot of sense in the context of the conversation, that's when your guard should shoot up."
—Craig Williams, director of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 2.5.20.
It might seem disappointing to hear "use good judgment and keep your wits about you," especially if you were hoping for a checklist or an algorithm. But the practice of good judgment and situational awareness is, after all, the beginning of practical wisdom.
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Join us at this upcoming cybersecurity event in Loudoun, VA with a full lineup of industry experts, speakers and federal contractors presenting on cutting-edge topics in the domain of cyber. This event is FREE for everyone! Register today!
Industrial Control Systems are Everywhere Hands-On Demonstration (Online, February 18, 2020) Join Dragos at their Feb. 18 ICS Range demonstration to see real control systems, learn about ICS adversaries and hear how to protect your networks. Tom VanNorman, Dragos Director of Engineering Services and co-founder of the ICS Village, walks you through this realistic range and shares his inspiration for developing it.
The Human Hacking Conference (Orlando, Florida, USA, February 20 - 22, 2020) The Human Hacking Conference is an all-encompassing event that teaches business, security, technology, and psychology professionals the latest expert techniques in human deception, body language analysis, cognitive agility, intelligence research, and security best practices.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
CyberCon 2020 (Anaheim, California, USA, March 30 - April 1, 2020) The CyberCon Industrial Cybersecurity CISO Summit & Workforce Development Conference is a solutions-based cybersecurity conference promoting networking, collaboration and sharing of solutions between cybersecurity experts and leaders in power and utility companies. Gain unprecedented access to over 40 innovative speakers covering a range of pressing cybersecurity topics and an expo featuring 100+ cybersecurity technology providers showcasing innovative solutions. A “Workforce Development Forum” will provide strategies companies need to recruit, train and retain top cybersecurity talent.
Cyber Attacks, Threats, and Vulnerabilities
Coronavirus-themed Attacks Target Global Shipping Concerns (Proofpoint US) Last week attackers exploited Coronavirus fears by sending malicious health information emails aimed at Japanese-language speakers. This week Proofpoint researchers uncovered new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping.
IaC Templates Are The Source Of Many Cloud Infrastructure Weaknesses - Expert Comments (Information Security Buzz) In response to reports that show a high percentage of IaC template misconfigurations in cloud deployments that leave them vulnerable to attack, an expert from Cerberus Sentinel offers perspective.
Duplin County IT taken offline after malware attack (WCTI) Duplin County officials say they have taken their IT offline because of a malware problem. While they are terming it a safety concern, the county says some services to the public may be limited but emergency and essential operations will continue as usual. Public Information Officer Elizabeth Stalls says she has never seen this in Duplin County, and the county has not received a ransom since officials caught it quickly. "It’s frustrating because we are trying to serve the public," she says.
ESET: MSPs Not Proactive Enough with Cybersecurity (Channel Futures) ESET, a provider of antivirus, anti-malware and internet security, surveyed 400 MSPs to uncover their attitudes and future plans around cybersecurity. The findings suggest that many MSPs still have their heads in the sand over the gravity of the threat, it said.
The Winners From Washington’s War on Huawei (Wall Street Journal) Attorney General William Barr’s pitch for a U.S. takeover of Europe’s 5G equipment makers seems like a long shot, but investors might benefit from Washington’s hawkish stance on Huawei anyway.
Dangerous Domain Corp.com Goes Up for Sale (KrebsOnSecurity) As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.
How Unisys Federal will change SAIC (Washington Technology) Unisys Federal uses a commercial model for delivering services and solutions to federal customers. That model will likely change how Science Applications International Corp. goes to market.
The CIA triad: Definition, components and examples (CSO Online) The CIA (Confidentiality, Integrity, Availability) triad is a widely used information security model that can guide an organization's efforts and policies aimed at keeping its data secure.
Voting Process Under Spotlight After Iowa Confusion (Wall Street Journal) States conducting presidential nominating contests in the weeks ahead are facing new scrutiny of their voting processes after glitches caused confusion over which candidate won in Iowa’s caucuses.
What Will We Learn From The Iowa Caucus App? (Government Technology) The events that unfolded this past week with the Iowa Democratic caucus app are unprecedented. But putting politics aside, what can we learn about launching important apps?
How To Stop Wi-Fi Hackers Abusing Ubiquiti’s UniFi Access Points (Secplicity - Security Simplified) Ubiquiti, a global networking technology company came onto the mainstream marketplace beginning in 2005 with a clever idea of offering products at low prices to mass markets guiding channel players to monetize their services instead of the hardware. Every strategy has its pluses and minuses and some would say Ubiquiti’s low-price leader concept swung the …
Israeli spyware firm threatens to 'shut down' abusers (Deutsche Welle) An embattled Israeli firm known for its controversial spyware has been accused of turning a blind eye to the misuse of its technology. The company told DW that it has "shut down" systems in the past for violating rights.
A Primer on Congressional Staff Clearances (Project On Government Oversight) A primer from the Project On Government Oversight and Demand Progress offers a comprehensive resource on the limitations to congressional staff overseeing classified programs.
US Charges 4 Chinese Military Hackers in Equifax Breach (US News and World Report) The Justice Department says four Chinese military hackers have been charged with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans.
Panama Papers Case to Net First U.S. Conviction (Wall Street Journal) A German businessman charged with evading U.S. taxes as part of an investigation sparked by leaked documents from now-defunct Panamanian law firm Mossack Fonseca & Co. will plead guilty, federal prosecutors said.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Techno Security & Digital Forensics Conference (San Diego, California, USA, March 9 - 11, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private...
Techno Security & Digital Forensics Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private...
Securing Federal Identity 2020 (Arlington, Virginia, USA, June 22 - 23, 2020) This highly focused, high-energy event will feature federal government identity and security policy issues and technology developments for today’s federal agencies and federal market security leaders.
2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Our 3rd Annual NOVA CyCon event in Loudoun has a full lineup of cybersecurity experts, speakers and federal contractors presenting on cutting-edge topics! Networking, free lunch and refreshments, door...
The Human Hacking Conference 2020 (Lake Buena Vista, Florida, USA, February 20 - 22, 2020) Once flagged by the FBI and the US banking industry as a potential national security threat, the Social Engineering Village (SEVillage) presents this unprecedented experience, The Human Hacking Conference,...