February 14, 2020.
By the CyberWire staff
The US Justice Department has secured another indictment against Huawei. TechCrunch calls the sixteen-charge indictment "sprawling." The charges are being brought as a RICO conspiracy, so the US Justice Department is using the law that put so much of La Cosa Nostra behind bars to prosecute Huawei for racketeering. The US alleges a decade-long conspiracy to steal the intellectual property of US firms. The defendants are Huawei Technologies Co., Ltd.; Huawei Device Co., Ltd.; Huawei Device USA Inc.; Futurewei Technologies, Inc.; Skycom Tech Co., Ltd.; and Wanzhou Meng, the company's CFO, who's currently in Vancouver, British Columbia, fighting extradition to the US.
Huawei calls the charges baseless, and another move by the US to "irrevocably damage" the company. Huawei says it expects to "prevail" in court.
Lawfare points out that Huawei has shifted position, a bit, on the Wall Street Journal's report that the company's devices were backdoored. They've moved from saying "we can't intercept traffic" to "we could intercept traffic, but someone would notice if we did."
The FBI and CISA have released six Malware Analysis Reports detailing malware used by North Korea's Hidden Cobra, according to BleepingComputer.
Iran, which had been slow to attribute blame for last weekend's distributed denial-of-service attack, has now decided to call the incident an American operation, Tasnim reports.
Researchers at Cisco's Duo worked with Google to help Mountain View take down more than five hundred malicious extensions from its store. The bad Chrome extensions were part of an extensive malvertising and click-fraud network.
Today's issue includes events affecting Australia, Belgium, Canada, China, Estonia, European Union, France, Iran, Japan, Democratic People's Republic of Korea, New Zealand, Russia, South Africa, United Kingdom, United States.
Bring your own context.
Should international cyber norms evolve the way the laws of armed conflict have, putting certain kinds of civilian targets off limits to attack? Are the governments of the world on board with that?
"They're all completely on board with the idea of everybody but them keeping it off the table. There's like no state - I mean, I don't know, maybe the Vatican comes up with it or something, but there's like no state that's like, hey, let's deny capabilities to everybody. Every state is let's deny capabilities to everybody but us. And that has always been the problem. And there's all sorts of, you know, political theories you can get into there. And the reality is, without dragging things into the light and holding people accountable, it's just not going to work."
—Robert M. Lee, CEO of Dragos, on the CyberWire Daily Podcast, 2.11.20.
What, hey, didn't that League of Nations thing work out? Or the Kellogg-Briand treaty? What? No? Sad! Well, we'll always have the Missile Technology Control Regime, right?
A note to our readers: no publication on Monday.
Monday is Presidents Day, and the CyberWire will be observing the US Federal holiday by taking the day off. We'll be back as usual on Tuesday.
ON THE PODCAST
In today's CyberWire Daily Podcast, out later this afternoon, we talk with our partners at Cisco Talos, as Craig Williams gives us an update on JhoneRAT. Our guest, Shuvo Chatterjee from Google, shares lessons from the company's Advanced Protection Program, and in particular on the importance of reducing user friction. If security is an impediment, users will bypass it.
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Join us at this upcoming cybersecurity event in Loudoun, VA with a full lineup of industry experts, speakers and federal contractors presenting on cutting-edge topics in the domain of cyber. This event is FREE for everyone! Register today!
Industrial Control Systems are Everywhere Hands-On Demonstration (Online, February 18, 2020) Join Dragos at their Feb. 18 ICS Range demonstration to see real control systems, learn about ICS adversaries and hear how to protect your networks. Tom VanNorman, Dragos Director of Engineering Services and co-founder of the ICS Village, walks you through this realistic range and shares his inspiration for developing it.
The Human Hacking Conference (Orlando, Florida, USA, February 20 - 22, 2020) The Human Hacking Conference is an all-encompassing event that teaches business, security, technology, and psychology professionals the latest expert techniques in human deception, body language analysis, cognitive agility, intelligence research, and security best practices.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Cyber Conversation Speaker Series with author Andy Greenberg (Columbia, Maryland, United States, March 11, 2020) On March 11, 2020 at 11:00am at the Maryland Innovation and Security Institute's DreamPort cyber capabilities and mission accelerator facility we will be hosting the first cyber conversation speaker series with author Andy Greenberg.
CyberCon 2020 (Anaheim, California, USA, March 30 - April 1, 2020) The CyberCon Industrial Cybersecurity CISO Summit & Workforce Development Conference is a solutions-based cybersecurity conference promoting networking, collaboration and sharing of solutions between cybersecurity experts and leaders in power and utility companies. Gain unprecedented access to over 40 innovative speakers covering a range of pressing cybersecurity topics and an expo featuring 100+ cybersecurity technology providers showcasing innovative solutions. A “Workforce Development Forum” will provide strategies companies need to recruit, train and retain top cybersecurity talent.
US Govt Updates Info on North Korean Malware (BleepingComputer) The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released new info on North Korean malware with six new and updated Malware Analysis Reports (MARs) related to malicious cyber activity from North Korea.
New phishing scam targets Alaska USA Federal Credit Union members (Webcenter 11) According to a press release from the Alaska Department of Law, the scammers send a text or email claiming the recipient's account has been suspended. The messages say the recipient must click on a link that will allow them to reactivate their account.
Schneider Electric Modicon Ethernet Serial RTU (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Equipment: Modicon BMXNOR0200H
Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Access Control
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution or cause a denial-of-service condition.
Dozens of Rutter's locations affected by data breach (WHP) Rutter's is notifying customers that the company experienced a data breach in 2018 and 2019. Most customers may have been impacted by the breach if they shopped at Rutter's stores between October 1, 2018 and May 29, 2019. At nine locations, access to data may have begun as early as September 20, 2018. At one location, the breach may go back as far as August 30, 2018. Rutter's has provided a list of locations affected, including time frames for each one.
1 in 6 Massachusetts Communities Hit by ‘Ransomware’ Attacks (NBC Boston) One January morning two years ago, hackers seized control of the Bedford Police Department’s electronic records. They were holding them hostage, and time was ticking; the longer the town waited to pay up, the higher the ransom demand would climb.
Nine-year-old boy's identity stolen in data breach, cybersecurity expert weighs in (KATU) A trip to the hospital a few years ago has cost Kristen Matthews' 9-year-old son his identity. As a Health Share of Oregon member, his data was not only compromised in the organization's recent breach, but used to open a U.S. Bank Credit Card, according to his mother. The credit card with her son's name arrived at Matthews' home the other day, just after she learned about the data breach. "This is not OK, especially for a child. This is not OK," said Matthews.
Security Patches, Mitigations, and Software Updates
Number of Records Exposed in 2019 Hits 15.1 Billion (Risk Based Security) Today, we released our 2019 Year End Data Breach QuickView Report, which finds that the total number of records exposed increased by 284% compared to 2018.
In total, there were over 15.1 billion records exposed shattering industry projections. There were 7,098 breaches reported in 2019, a 1% inc
Data Leaks in the Medical Industry: The Problem Continues (WizCase) After our previous report on database leaks from medical websites around the world, WizCase’s security team diligently continued their research. They discovered 3 additional unsecured medical databases with confidential information, including full names, passport numbers, birth dates, addresses, and phone numbers. These databases were found in the context of performing research to help companies ...
RSA 2020: The Show Must Go On (BankInfo Security) While public health concerns over the spread of the coronavirus are leading to the cancellation of some international events, the RSA Conference 2020 will proceed
Darktrace appoints Catherine Graham as CFO (Back End News) Cyber AI company Darktrace recently announced that Cathy Graham will join as its new chief financial officer (CFO) this month. Previously at 2U, an education technology firm, Graham has broad exper…
Terbium Labs Adds Industry Veteran Ayesha Prakash to Executive Team as Chief Revenue Officer (MarTechSeries) Prakash, an award-winning executive, will play key role as Terbium Labs enters its next stage of growth. Terbium Labs, a leading digital risk protection company, announced that it has named Ayesha Prakash as Chief Revenue Officer (CRO). Prakash will be responsible for overseeing Terbium's revenue generation strategy and execution in order to increase the company's momentum and customer acquisition. Prakash comes to Terbium Labs from Flashpoint, a Business Risk Intelligence Company, where she was the Head of Worldwide Channels and Partnerships. She built and then spearheaded the 150% year-over-year growth of the organization's award-winning SPARK Partner Alliance program.
What Makes AMULET™ Technology Unique and Different? (Cynapsis) Simple explainer on what makes our patented cybersecurity unique. The term "digital asset" is used in the video, but think of this as a file - which could be a Word doc, an image, an audio recording, etc.
Microsoft to secure New Zealand’s democratic elections (Technology Record) Microsoft will provide all New Zealand political parties and non-governmental organisations that conduct political analysis or education with free access to its AccountGuard security service ahead of the country’s upcoming general elections.
The service helps customers engaged in the electoral process with threat detection and provides guidance on improving cybersecurity practices.
AccountGuard was first deployed in the United States in 2018 to address the growing threats...
Nevada Democrats reveal Google Forms-based plan for transmitting early vote data, caucus results (Nevada Independent) A party official said Nevada Democrats consulted with Google on how they plan to use the company’s technology to carry out the caucus process and have been assured by them that it is a “secure process” and that the company is “comfortable” with it. The official added that Google did not specifically develop anything new for the caucus calculator and that it is “off the shelf technology.”
GDPR Compliance: Should CISO Serve as DPO? (BankInfo Security) As organizations settle into the third year of enforcement of the EU’s General Data Protection Regulation, some are struggling to define and understand the role
New Lab Opens at Purdue, Expands Capabilities (Inside INdiana Business) Purdue University’s CERIAS (Center for Education and Research in Information Assurance and Security the edition of a new laboratory. The new SOL4CE facility dramatically increases Purdue’s cyber-physi
The US is charging Huawei with racketeering (TechCrunch) Ratcheting up its pressure campaign against Huawei and its affiliates, the Department of Justice and the FBI announced today that it has brought 16 charges against Huawei in a sprawling case with major geopolitical implications (you can read the full 56-page indictment here). Huawei is being charge…
Looks Like Huawei Might Be Screwed This Time (Gizmodo) The Department of Justice announced on Thursday that it was unsealing a superseding indictment against Chinese tech giant Huawei, charging the company and several of its affiliates under a law traditionally used to take down sprawling criminal syndicates that operated under multiple layers of secrecy.
Analysis: Indictments in Equifax Hack (BankInfo Security) The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also
United States of America v. Larry Dean Harmon (US District Court for the District of Columbia) 1. Defendant LARRY DEAN HARMON ("HARMON") was a resident of Ohio and Belize. 2. Starting in or about April 2014, HARMON owned and operated a Darknet search engine called Grams.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Our 3rd Annual NOVA CyCon event in Loudoun has a full lineup of cybersecurity experts, speakers and federal contractors presenting on cutting-edge topics! Networking, free lunch and refreshments, door...
The Human Hacking Conference 2020 (Lake Buena Vista, Florida, USA, February 20 - 22, 2020) Once flagged by the FBI and the US banking industry as a potential national security threat, the Social Engineering Village (SEVillage) presents this unprecedented experience, The Human Hacking Conference,...
RSA Conference 2020 (San Francisco, California, USA, February 24 - 28, 2020) Be part of a conversation that has the power to change the world. Join top cybersecurity leaders and a dedicated community of peers as we exchange the biggest, boldest ideas that will help propel the industry...
ISSA Central MD Information Security Conference (Columbia, Maryland, USA, February 28, 2020) Information System Security Association's Central Maryland Chapter is hosting a day long cybersecurity conference spanning two tracks that'll include topics covering: Leadership in cybersecurity - why it...