January 7, 2020.
By the CyberWire staff
So far no Iranian cyber operations more serious than the defacement of the Federal Depository Library Program have come to public knowledge, and as the New York Times points out, that action amounted to picking some pretty low-hanging fruit.
But the US Government continues to assess the risk of Iranian cyberattack as high, and CISA has released a terse warning not to underestimate Tehran’s capabilities. CyberScoop reports that the Multi-State Information Sharing and Analysis Center (MS-ISAC) has also quietly warned its members to beware of Iranian cyberattacks. New York State’s Department of Financial Services has also advised the banks and other institutions it regulates that they may well receive the attentions of Iranian hackers.
The Chertoff Group outlines the likeliest forms Iranian cyberattacks might take. These include destructive “wiperware,” ransomware, distributed denial-of-service, supply chain attacks, and actions against operational technology.
More observers are willing to speculate that the recent cyber espionage incident at Austria’s Foreign Ministry was the work of Russia. The evidence is circumstantial almost to the point of being a matter of a priori probability, but the word on the street (as summarized by Infosecurity Magazine) is that it looks like the work of Fancy Bear.
Researcher Kevin Beaumont warns that REvil ransomware (also known as Sodinokibi) is exploiting unpatched Pulse Secure VPN servers to prospect larger enterprises.
Vice reports that Google has restored the widely mistrusted ToTok app, thought to be an Emirati surveillance tool, to the Play Store. ToTok denies allegations its chat app is spyware.
Today's issue includes events affecting Austria, China, Colombia, France, Germany, Iran, Israel, Netherlands, Russia, Taiwan, United Arab Emirates, United Kingdom, United States.
Bring your own context.
People are noticing that the more features a device has, the more bugs it harbors.
"And I think it's a little bit of a trend these days where researchers and the bad guys are really looking at these perimeter devices closely. Users ask for more and more features in these perimeter devices, meaning more and more code that's not exposed at your perimeter. You have seen like, for example, that FortiGate directory-traversal vulnerability last year and a couple hours. Basically, you know, know what you ask for. When you want more features, you'll also get more bugs."
—Johannes Ullrich, dean of research at the SANS Technology Institute, on the CyberWire Daily Podcast, 1.3.20.
Is it a case of getting what you ask for, and getting it good and hard?
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee takes a look back at 2019's industrial control system security issues. Our guest is Tom Tovar from AppDome, with a discussion of mobile API security.
And Recorded Future's podcast, produced in partnership with the CyberWire, is up. In this episode, "Protecting the Financial Sector Never Goes out of Style," their guest is Daniel Cuthbert. He’s the global head of cybersecurity research for Banco Santander, and he sits on both the Black Hat review board and the Black Hat training board. The conversation centers on his work in the financial industry, his unusual path to cybersecurity, and his thoughts on creative diversity. He offers his take on threat intelligence, as well as his insights on team leadership and seeking a career in security.
Free Dragos Webinar: Introducing MITRE ATT&CK™ for ICS and Why it Matters (Online, January 14, 2020) Register today for the Jan. 14 webinar introducing the MITRE ATT&CK for ICS, a new framework that organizes and codifies the malicious threat behaviors affecting industrial control systems. Led by security experts from Dragos and MITRE, who worked together on the framework, you’ll find out how it works, why it was developed and when to apply it.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
US Govt Says Iran's Cyberattacks Can Disrupt Critical Infrastructure (BleepingComputer) The U.S. Department of Homeland Security (DHS) warned in a terrorism threat alert issued through the National Terrorism Advisory System (NTAS) that potential cyberattacks carried out by Iranian-backed actors against the U.S. have the potential to disrupt critical infrastructure.
Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:
US banks put on red alert as Iran crisis deepens (Finextra Research) The US Government's increasingly belligerent confrontation with Iran has prompted New York's Department of Financial Services to urge banks to heighten cybersecurity precautions.
The Death of Qassim Suleimani and Risks to Global Security (Chertoff Group) On January 3, 2020, a U.S. drone strike near Baghdad airport killed Maj. Gen. Qassim Suleimani, one of Iran’s most powerful military commanders overseeing security and intelligence, and close confidant of Supreme Leader Ayatollah Ali Khamenei.
Should you be afraid of an Iranian cyberattack? The answer is complicated (Digital Trends) Here’s the good news: Iran likely won’t target ordinary Americans. Any and all cyberattacks that Iran would carry out would likely be against U.S. government agencies or major corporations that Iran has already, in some way or another, infiltrated and can already easily cause a disruption. Iranian hackers most likely won’t go after your phone, your Google account, or your favorite website.
Why the world must pay attention to the fight against disinformation and fake news in Taiwan (TechCrunch) On Saturday, Taiwan will hold its presidential election. This year, the outcome is even more important than usual because it will signal what direction the country’s people want its relationship with China, which claims Taiwan as its territory, to move in. Also crucial are efforts against fake news. Taiwan has one of the worst disinformation problems in the world and how it is handled is an important case study for other countries.
MageCart Skims Credit Cards from FocusCamera.com (Juniper Networks) Late in December 2019, someone I know received a notification from their credit card company stating a transaction for a purchase of substantial value was pending. Not recognizing the transaction, the person immediately contacted the credit card company to put a stop to the transaction which had n...
Sodinokibi Ransomware Hits Travelex, Demands $3 Million (BleepingComputer) It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.
Vulnerability Summary for the Week of December 30, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Colorado Town Wires Over $1 Million to BEC Scammers (BleepingComputer) Colorado Town of Erie lost more than $1 million to a business email compromise scam (BEC) that ended with the town's employees sending the funds to a bank account controlled by scammers.
YouTube starts limiting ad targeting and data collection on kids content (TechCrunch) YouTube now officially limits the amount of data it and creators can collect on content intended for children, following promises made in November and a costly $170 million FTC fine in September. Considering how lucrative kids’ content is for the company, this could have serious financial ramifications for both it and its biggest creators.
Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) Dataset (National Consortium for the Study of Terrorism and Responses to Terrorism) As a part of an ongoing effort to better understand adversaries’ multi-domain behavior and motivations, the Unconventional Weapons & Technology Division (UWT) of the National Consortium for the Study of Terrorism and Responses to Terrorism (START) has completed the initial development of the Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) dataset, a first of its kind.
5 cybersecurity trends for 2020 (CIO Dive) With industry-known strains morphing into new killers and regulators dutifully watching for errors, companies are looking to their infosec team more than ever.
Xerox makes another try for HP, this time with funding locked in (Silicon Valley Business Journal) "We have always maintained that our proposal is not subject to a financing contingency, but in order to remove any doubt, we have obtained binding financing commitments," Xerox CEO John Visentin wrote in a letter to HP Inc.'s board.
Will Dell Technologies Fetch $3B for RSA? (SDX Central) Dell Technologies wants to sell RSA Security business for at least $3 billion and has hired Morgan Stanley to help with the sale, according to PE Hub. A company spokesperson declined to comment on the report.
Imperva Names Pam Murphy as CEO (Imperva) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced its board of directors has appointed Pam Murphy – a seasoned executive in enterprise software – as CEO, effective immediately. Interim CEO Charles Goodman will continue to serve as …
Thrilled to Join Imperva (Imperva Blog) Today marks my first day at Imperva and I could not be more thrilled to join the outstanding team behind the impressive products that keep our customers safe every day. I’ve been asked to share why I joined Imperva, and candidly there are a number of reasons: First, timing: I think that security – especially …
Industrial Operators on Alert in Wake of U.S. Cyberattack Warning (Security Boulevard) On January 4th, the U.S. Department of Homeland Security (DHS) issued a National Terrorism Advisory bulletin warning of a potential cyberattack by Iran in the wake of a U.S. drone attack that killed a senior Iranian military commander. Read Nozomi Networks experts' take on the new reality of cyberattacks on U.S. interests.
Is New York cyber-battle ready? (CSNY) The United States’ surprising killing of Iran’s top commander, General Qassem Soleimani, late last week has prompted many logistical, strategic and constitutional questions, but the most pressing among them is what Iran’s next steps will be.
Reeling in a big phish (Accounting Today) Strong cybersecurity and employee training are crucial to preventing phishing attacks.
Kubernetes Gets a Runtime Security Tool (EnterpriseAI) As more enterprise users deploy Kubernetes as their preferred container orchestrator, momentum is building to lock down security on vulnerable hybrid
Rudy Giuliani mixed White House role, personal business in cybersecurity (San Francisco Chronicle) Rudy Giuliani’s mixing of his business interests, closeness with President Trump and involvement in government actions involving Ukraine is the subject of much attention as the impeachment case against the president moves toward the Senate. But a Chronicle investigation has found that Giuliani’s blurring of White House and personal business didn’t start with Ukraine. It began in 2017 when Giuliani was named as a White House adviser in an area where he had limited experience but was trying to build a clientele: cybersecurity.
InfoTrax Gets Slap on The Wrist After Being Breached 20+ Times (BleepingComputer) The Federal Trade Commission (FTC) finalized a settlement with a Utah-based tech company that got hacked and had the personal info of over a million clients stolen following a series of more than 20 undetected network intrusions.
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...