January 2, 2020.
By the CyberWire staff
Microsoft has confirmed that APT31, the North Korean threat group Redmond tracks as "Thallium," has indeed been aggressively pursuing Windows users, and that Microsoft has seized fifty domains Thallium used in its espionage campaigns.
The Wall Street Journal on Monday published its investigation into the Cloud Hopper cyberespionage campaign that Reuters broke in December 2018. The US Justice Department at that time indicted two Chinese nationals (both of whom remain at large) and alleged that the duo had been working for the Chinese Ministry of State Security's APT10. It now appears, according to the Journal, that the espionage was far more widespread than originally reported, extending to more companies than the fourteen alluded to in the indictment.
The US General Services Administration has announced that its procurement schedules, to be refreshed on January 15th of this year, will include bans on doing business with companies whose offerings include “substantial or essential” components from specified Chinese companies, notably Huawei and ZTE. FedScoop points out that this will affect companies whose supply chains are too enmeshed with those of the proscribed companies.
India, for its part, will subject equipment proposed for 5G networks to security trials, a development the Economic Times reports has been welcomed by Huawei. The company, which had a good 2019 despite the security controversies it encountered, says it expects 2020 to be "difficult." But the company's CEO has a brave face: "If not for the bone-deep bite of winter, where would we get the heady scent of plums?"
Today's issue includes events affecting Brazil, Canada, China, France, Germany, India, Italy, Democratic People's Republic of Korea, Republic of Korea, Netherlands, Pakistan, Russia, Saudi Arabia, South Africa, Turkey, United Arab Emirates, United Kingdom, United States.
Bring your own context.
An expert takes a look at recent disclosures of security issues involving smart home products and sees an Internet-of-Things glass that's half full.
"But there might be people out there who would think that, hey, well, that means IoT devices aren't secure. You know, I saw that newspaper article about the Ring doorbell getting hacked. And therefore, I don't want one. You know the whole song and dance. But I think this is actually a positive thing, right? When I look at this and I think about the way that software works, you know, and the fact that all software has bugs - right? - it's the nature of the beast, basically what it means is that, you know, IoT companies are taking software more seriously. They're looking for issues. Of course they're finding issues, right? If you look at any piece of software, you're going to find issues. What we can say here is that we found issues, we worked with the vendors to address them, their maturity model is improving. And I think what we're seeing are definite steps in the right direction. So we were surprised, and we were very pleased with how it turned out."
—Craig Williams, director of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 12.20.19.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan shares the story of a financial advisor who paid the price for falling for a phishing scheme. Our guest is Dave Burg from EY, with a global perspective of cyber security risk.
Hacking Humans is also up. In this episode, Dave has a warning from a galaxy far, far away. Joe has a report of a scam attempt on a listener who fancies fancy pens. The catch of the day features a Tinder dating app bot scam. Our guest is Dennis Dillman from Barracuda Networks, sharing his thoughts on employee training.
And in case you missed it, a CyberWire Special Edition Podcast is up. In this Special, "Avoiding VC pitfalls with Ron Gula and Mike Janke," we hear some advice from a pair of seasoned cybersecurity investors. Ron Gula caught our eye with an article he recently published, "Cyber entrepreneur pitfalls you can avoid." In it, he gathers a group of tech investors to get their takes on the dos and don'ts of pitching to venture capitalists. Ron runs Gula Tech Adventures along with his wife Cyndi, where they support the next generation of cyber technology strategy and policy. DataTribe's Mike Janke joins the conversation with his experiences guiding hopeful young entrepreneurs through the pitch process.
Ghosts in the Clouds: Inside China’s Major Corporate Hack (Wall Street Journal) In the breach known as Cloud Hopper, cyberattackers allegedly working for China’s intelligence services broke into cloud companies, including CGI and IBM, to steal volumes of intellectual property and records from scores of companies.
Doctored Videos, Phony Blogs, Moral Panic: The Top 10 Fake News Stories Of 2019 (For Real) (RadioFreeEurope/RadioLiberty) This year, viewers have had to wade through manipulated videos passed off as real, blogs written by anonymous trolls, and a widely debunked theory with adherents in the White House. That’s not to mention the many routine instances of wrong or misleading info spread by media outlets, politicians, and others. Here are 10 stories from 2019 of disinformation running rampant.
India Used Israeli Spyware To Target Top Pakistani Officials, Diplomats (EurAsian Times: Latest Asian, Middle-East, EurAsian, Indian News) According to a report in the British newspaper The Guardian, mobile phones of at least two dozen Pakistani government officials have been targeted using technology developed by Israeli company NSO. It is unclear who was involved in the attack, but it was feared […]
Disk Structure Wipe - Enterprise (MITRE ATT&CK™) Adversaries may corrupt or wipe the disk data structures on hard drive necessary to boot systems; targeting specific critical systems as well as a large number of systems in a network to interrupt availability to system and network resources.
One Day, Three Credit Card Data Breach Notifications (BleepingComputer) On the same day this week, two restaurants and a convenience store, all with locations across the U.S., disclosed security breach incidents that may have enabled attackers to steal customer payment card data.
Email Domains Vulnerable to Election Infrastructure Cyber Attack (MSSP Alert) Email is being “significantly overlooked” as threat vector in securing election infrastructure, a recent report said. While voting officials such as county auditors, clerks, or boards of elections regularly communicate with the public via email and real-time election results are sent to the media by email, in many states and counties in the U.S. it …
Cyber attack forces RavnAir to cancel flights in Alaska (MarketBeat) RavnAir says it will operate a normal afternoon schedule on Saturday after the company canceled about a half-dozen morning flights in Alaska following what it described as “a malicious cyber attack” on its computer network.
Ransomware attack forces Arkansas CEO to fire 300 employees days... (HOTforSecurity) The chief executive officer of a telemarketing company in Sherwood, Arkansas has let go 300 employees after the company failed to recover from a ransomware infection months back. In a deeply apologetic letter to employees, The Heritage Company CEO Sandra Franecke said two months ago their...
Wawa establishes ID protection service after breach (The Delaware County Daily Times) Wawa is taking a proactive approach to help customers who may have been affected by a months-long data breach this year that may have compromised credit card information used at
Cyberattack Impacts MTSA Facility Operations (US Coast Guard Marine Safety Information Bulletin) The purpose of this bulletin is to inform the maritime community of a recent incident involving a ransomware intrusion at a Maritime Transportation Security Act (MTSA) regulated facility.
Vulnerability Summary for the Week of December 16, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
checkout pages to steal customer payment data.
Attack Vectors of 2019 (TechTalk) A look at how cyber criminals break in. There was a report released some time in late 2018 that ransomware attacks were on the decline. That was 2018.
A Round-up of Data Breaches in December 2019 (CipherCloud) Canadian banks targeted in a massive phishing scam. A phishing campaign targeting Canadian banks has been detected by Check Point engines. The campaign involves creating hundreds of lookalike domains of multiple banks including Royal Bank of Canada (RBC), Scotiabank, Wells Fargo, CIBC and TD Canada Trust. In the case of RBC, the attacks are carried …
Cloud vulnerabilities to increase in 2020: Palo Alto networks (AME Info) Go-compiled malware was steadily on the rise in 2019 and as much as 92% of the samples identified were compiled for the Windows operating system, indicating that this is the most heavily targeted system by Go malware developers...
Inside the NSA’s plan to lure cyber talent (Federal Times) The defensive and espionage missions undertaken by the National Security Agency require efforts from some of the top tech operators in the world, and these operators must come from somewhere. Enter the NSA's partner institutions — designated Centers of Academic Excellence.
Arm looking to sell cyber-security unit (Electronics Weekly) Arm and Gemalto, a subsidiary of Thales, are looking for a buyer for their loss-making cyber-security jv Trustonic. Last year Trustonic lost €8.3 million o
VMware completes $2.7 billion Pivotal acquisition (TechCrunch) VMware is closing the year with a significant new component in its arsenal. Today it announced it has closed the $2.7 billion Pivotal acquisition it originally announced in August. The acquisition gives VMware another component in its march to transform from a pure virtual machine company into a cl…
F5 Stock Falls On Acquisition, As Deal Heightens Akamai Rivalry (Investor's Business Daily) F5 Networks (FFIV) made its second large acquisition in 2019, agreeing to purchase security software maker Shape Security for $1 billion in cash. F5 stock fell on the deal, expected to increase competition with Akamai Technologies (AKAM) and others.
Broadcom quietly acquired a small cyber analytics software company (Silicon Valley Business Journal) Broadcom has its U.S. headquarters in north San Jose on Ridder Park Drive. The company acquired Bay Dynamics earlier this month, according to regulatory documents. The acquisition comes as the latest step in Broadcom's buildout of its security business.
10 Hot Cybersecurity Companies To Watch In 2020 (CRN) Many of the industry's fastest-growing vendors will have their hands full in 2020 integrating major acquisitions, completing their first year as a publicly-traded company, or rolling out new partner programs and technical capabilities.
Webcast: Passwords: You Are the Weakest Link (Black Hills Information Security) Why are companies still recommending an 8-character password minimum? Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data.
Using light to encrypt communications (Phys.org) Researchers of the UT found a new way to protect data from attacks with quantum computers, as they published today in New Journal of Physics. With quantum computers on the rise, we can no longer exclude the possibility that a quantum computer will become so powerful it can break existing cryptography. Single particles of light are already being used to protect data but the transmission of one bit per photon is slow. Pepijn Pinkse led the experiment to increase the transmission speed up to seven bits per photon.
GSA pushes forward with ban on Huawei, ZTE in 2020 (FedScoop) The Federal Acquisition Service’s first refresh of its consolidated schedule will include the ban on contracting with vendors tied to Chinese tech companies Huawei and ZTE via the supply chain. While the refresh is slated for Jan. 15, agencies have until Aug. 13, to comply with the ban laid out in Section 889(a)(1)(B) of the National Defense Authorization Act of …
Can this group become 1-800-AI for the Pentagon? (C4ISRNET) “The JAIC is not just about delivering the products. We’re really trying to work toward becoming the DoD’s AI Center of Excellence,” said Nathaniel D. Bastian, a senior data scientist and AI engineer with the Pentagon's Joint Artificial Intelligence Center. “We want to be 1-800-AI.”
Orange Denies Responsibility for Cyber Attack on African Rival (Bloomberg Law) Orange SA finds itself party to a London lawsuit that alleges the management of a small phone carrier it purchased in 2016 was behind a cyberattack on rival Lonestar Cell MTN, a unit of Africa’s largest wireless carrier MTN Group Ltd.
Five Sentenced to Death in Khashoggi Murder, Royal Aides Cleared (Bloomberg) A Saudi court sentenced five people to death for the murder of government critic Jamal Khashoggi, a killing that strained relations with key allies, but didn’t have enough evidence to incriminate two top officials close to Crown Prince Mohammed bin Salman.
Transnational White Terror: Exposing Atomwaffen And The Iron March Networks (Bellingcat) In collaboration with the Autonomous Disinformation Research Network – @DisinfoResearch. On Wednesday, November 6, 2019, leaked data from the defunct neo-Nazi forum, Iron March, emerged online, exposing the personal information of more than 1,200 members, including the locations of their IP addresses and, in some cases, their real names. Already, activists sifting through the database...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...