January 9, 2020.
By the CyberWire staff
Citing a report by Saudi Arabia's National Cybersecurity Authority, multiple sources report that "Dustman," a destructive Iranian cyber campaign, has hit Bapco, Bahrain's national oil company. ZDNet outlines the malware as a successor to earlier Iranian wiper campaigns, notably Shamoon. Yahoo News points out that the cyberattack hit on December 29th, 2019, the same day the US retaliated for the death of an American contractor in a rocket attack with airstrikes against Iranian proxies in Syria and Iraq.
Twitter has also suspended two accounts it found impersonating journalists, the Daily Beast reports. The accounts were disseminating "Iranian propaganda," although as usual it's difficult in such cases to distinguish a state-run operation from a hacktivist demonstration. The Telegraph argues that Iran has developed a significant online disinformation capability over recent years. While calling it a capability that rivals Russia's is surely overstated, Tehran's operators aren't contemptible.
As both the US and Iran appear to have backed away from kinetic combat, the New York Times predicts that cyber operations will become more attractive. CNN summarizes the cautions US agencies, notably the FBI and CISA, have issued concerning possible Iranian cyberattacks, and the warnings have reached a spooked and skittish audience. Consider this week's incident in Las Vegas, where local speculation turned quickly to Iran.
Kaspersky has been tracking the Lazarus Group's AppleJeus campaign, and concludes that North Korea is becoming more careful, more sophisticated, and more focused on the cryptocurrency sector as Pyongyang continues its policy of addressing financial shortfalls through cybercrime.
Today's issue includes events affecting Australia, Bahrain, Canada, China, India, Iran, Iraq, Democratic People's Republic of Korea, NATO/OTAN, New Zealand, Saudi Arabia, Syria, Taiwan, United Kingdom, United States.
Bring your own context.
Signs of executive buy-in with respect to industrial control system security.
"But the industrial control system community is - I think we've reached a critical turning point - or inflection point, I should say - in the industrial control system community where there is an executive-level awareness that this is going to require an actual strategy for industrial security that's different than the enterprise. And why I say that is, 2018, I did a lot of board presentations at these companies. It was very endearing. And it was exciting to see them having these conversations. But I probably did - I don't know - 15 to 20 of them. In this year, this past year, I have started to see all of the board members that - talked to board members who - network, and similar I'm seeing the CSOs have the same kind of talking points. I'm seeing an executive-level buy-in. We've always had kind of a practitioner-level awareness, but executive-level buy-in that this is something that needs to be done and can be done."
—Robert M. Lee, CEO of Dragos, on the CyberWire Daily Podcast, 1.7.20.
And Hacking Humans is up. In this episode, "Ransomware is a reality," Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probably not "Sofia". Our guest is Devon Kerr with Elastic Security Intelligence and Analytics, who shares his insights about ransomware.
Free Dragos Webinar: Introducing MITRE ATT&CK™ for ICS and Why it Matters (Online, January 14, 2020) Register today for the Jan. 14 webinar introducing the MITRE ATT&CK for ICS, a new framework that organizes and codifies the malicious threat behaviors affecting industrial control systems. Led by security experts from Dragos and MITRE, who worked together on the framework, you’ll find out how it works, why it was developed and when to apply it.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Saudis warn of new destructive cyberattack that experts tie to Iran (Yahoo News - Latest News & Headlines) The Saudi authorities detected a new destructive cyberattack suspected of coming from Iran on Dec. 29, the same day the U.S. military struck targets controlled by Iranian-backed proxies in retaliation for a rocket attack that killed an American contractor the previous Friday.
Las Vegas data breach comes amid Homeland Security warning on Iranian cyber threat (KSNV) Around 4:30 a.m. Tuesday, someone attempted to hack into the city of Las Vegas data systems. The city released the following statement to News 3: The city of Las Vegas experienced a cyber compromise at 4:30 a.m. PST Tuesday. The city’s Information Technologies Department is assessing the extent of the compromise. When aware of the attempt, the city immediately took steps to protect its data systems.
No data believed to be lost after city of Las Vegas network breach (KSNV) No data is believed to have been lost following a cyber breach of the city of Las Vegas' network, the city said Wednesday. All systems are functioning as normal after Tuesday's compromise, according to a post from the city's Twitter account. "We do not believe any data was lost from our systems and no personal data was taken," the city tweeted. "We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications.
Travelex Staff Go Back to Basics as Ransomware Cripples Systems (New York Times) Staff at foreign exchange firm Travelex are using pen and paper to serve thousands of customers after the company said cyber hackers were holding its systems to ransom, leading to a global blackout on its online currency exchange services.
Vigilance Is The Best Defense To Cyber Attacks (Alomere Health News) Alomere Health understands the importance of protecting our patients’ information. On January 3, 2020, we began notifying some of our patients of an email incident that may involve portions of their information. On November 6, 2019, we learned that an unauthorized person(s) gained access to an Alomere Health employee’s email account between October 31 and …
Interpeak IPnet TCP/IP Stack (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Why Phishing Threatens Your Brand’s Integrity (CPO Magazine) Study shows phishing attacks have reached the highest in three years and rising in emerging regions such as Brazil and other parts of South America. Why does it threaten a brand’s integrity?
Security Patches, Mitigations, and Software Updates
2020: The Vulnerability Fujiwhara Effect - Oracle and Microsoft Collide (RBS) Whether you are working in IT or not, you’re probably familiar with Microsoft’s Monthly Patch Tuesday. Introduced in 2003, this is when the software giant releases updates and patches for its software products. As we discussed in September 2018, we have seen more and more vendors piggybacking on thi
AvePoint lands $200M investment to expand market for Microsoft cloud governance tools (TechCrunch) While Microsoft cloud services such as SharePoint, Microsoft Teams and Office 365 are used widely by large organizations, the products don’t come standard with an enterprise-grade control layer. That’s where AvePoint, a Microsoft independent software vendor (ISV), comes in. Today, the company announced a $200 million Series C investment.
IT Pro Tuesday #49 | EveryCloud (EveryCloud) Hello IT Pro, We’re asking you, our community, to help us spread the word about some of the tips and tricks you use to make you more effective at your job. Let us know by email or in the comments below, and we’ll feature them over the next few weeks. Now that we’ve got that out of the way, let’s get onto the tools we have for you this week. As usual, we have to go through the disclaimer – we have no affiliation with any of the brands listed below unless we specifically say so.
VPNs—Better Off With ‘Em Or Without ‘Em? (Safe-T) With ZoneZero you can adopt a Zero Trust SDP architecture without getting rid of your VPN. Safe-T’s SDP enhances VPN security by adding SDP capabilities, allowing access to applications and services only after trust has been verified.
Mocana joins forces with Siemens to secure industrial IoT (Telecompaper) Mocana entered a new partnership with Siemens Digital Industries Software to bring Mocana’s security functionalities to any Industrial Internet of Things (IIoT) devices using MindSphere, the cloud-based IoT operating system from Siemens.
Khamenei misjudges Trump and loses his leading terrorist (The Washington Times) At 80 years of age, Ali Khamenei is an old man in a hurry. The ruler of the Islamic Republic of Iran regards himself as the leader of a global revolution, one that began years before the advent of al Qaeda, that jihadi-come-lately.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...