January 17, 2020.
By the CyberWire staff
US jitters about the possibility of Iranian cyberattacks persist. While many of the warnings (Space Daily has a useful collection) are founded largely on a priori probability, Cyberint reminds all that Iran does have a track record in cyberspace. During heightened periods of tension, misdirection is often successful, and Fortune cites experts who caution against jumping to conclusions: false flags are always a possibility, and Russia has flown an Iranian false flag in the past.
Reuters reports that Ukrainian authorities have asked for FBI assistance in investigating the alleged Burisma hack and related matters. The news service also says US President Trump may raise the Burisma affair with Russian President Putin.
A report by the Federal Reserve Bank of New York concludes that a cyber attack on a small number of banks could propagate rapidly through the US financial system via the wholesale payments network. It's not necessarily that the malware itself would spread, but rather that an attack's effects would be amplified by practices like liquidity hoarding, creating a virtual run on the bank. The Fed glumly calls the study a "pre-mortem analysis," which seems more pessimistic than alternatives like "assessment," "diagnosis," or "prognosis."
US authorities have seized WeLeakInfo's domain as part of an international law enforcement operation against the online souk that dealt in compromised credentials. Two men associated with WeLeakInfo have been arrested, according to Computing and others: one in Northern Ireland, the other in the Netherlands.
Bravo, Bitdefender: the company has released a decryptor for Paradise ransomware.
Today's issue includes events affecting China, Estonia, European Union, Germany, Iran, Ireland, Israel, Italy, Netherlands, Russia, Ukraine, United Kingdom, United States.
Bring your own context.
Hey, we hear that some people are just whistling past the privacy graveyard. What's up with that?
"One-third is just winging it - stone-cold crazy, doing nothing. I've got nothing to hide. And I'm praying to God I'm not going to get any sort of fine or legislation against me. So those guys I kind of discount because you really can't help them out of the well, right? You can help their customers educate themselves to protect themselves as much as possible. But you really don't know. There are hospitals out there with no privacy program. So it's hard to say who's who in the zoo. So that's the one that's kind of - it doesn't keep me up at night because I would never sleep. But I ignore that bunch."
—Michelle Dennedy, CEO of DrumWave, on the CyberWire's Caveat podcast, 1.15.20.
The other two-thirds are a mix of people concerned about compliance, of the worried but unsure, of the knowledgeable but underfunded, and so on.
And a quick note to our readers...
Monday is Martin Luther King Jr. Day, and we'll take a break from publication and podcasting while we observe the Federal holiday. We'll be back to our usual schedule on Tuesday.
CyberTech Tel Aviv (Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the "Full-Pass" option. https://www.cybertechisrael.com/
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Theresa Payton: Iranian Cyber Attacks Still Concerning (News 1110am 99.3fm WBT - Charlotte) Theresa Payton, Cyber Security Expert, Fortalice Solutions talks with Bo. Heightened tensions in the aftermath of the Suleimani killing have U.S. cyber experts worried about Iran-backed cyber attacks in the months to come. Cyber security and voting with a caucus.
Iranian Cyber Capabilities and Threats Report (Cyberint) This report provides an overview of ten suspected Iranian nation-state sponsored threat groups, referenced by their MITRE ATT&CK™ identifiers, along with their common TTP.
Expect the unexpected from Iran (TheHill) Iranian strategy could quickly change from "poking the bear" to "overwhelming the opponent" — possibly with Russia's assistance.
CYBERSECURITY UPDATE: Big news if it's true (E&E News) A U.S. cybersecurity firm issued a report this week claiming that a Russian military intelligence agency hacked Burisma Holdings Ltd., a Ukrainian natural gas company that has featured heavily in President Trump's impeachment.
Alert Regarding Vulnerability (CVE-2019-19781) in Citrix Products (JPCERT/CC) JPCERT/CC confirmed that information including Proof-of-Concept code about a vulnerability (CVE-2019-19781) in Citrix Application Delivery Controller and Citrix Gateway has been made public. A remote attacker leveraging this vulnerability may execute arbitrary code.
Emotet Returns After Holiday Break with Major Campaigns (Proofpoint US) Threat actor group TA542, the group that's behind Emotet, is back from their Christmas holiday. Based on past activity and what we're seeing in just three days, one of the world's most disruptive threats is back to work and everyone around the world should take note and implement steps to protect themselves.
Attacking the Gatekeepers (Dark Cubed) The first comprehensive analysis of attacks against the Managed Service Providers on the front lines of today's cyber battlefield.
CVE-2020-0601, Are You Vulnerable? (IT Security Guru) What is it? A man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 – when an authenticated attacker is on the target sys
Schneider Electric Modicon Controllers (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium. Vulnerability: Improper Check for Unusual or Exceptional Conditions. 2. RISK EVALUATION: Successful exploitation of this vulnerability could result in a denial-of-service condition.
Acronis buys 5nine | PE Hub (PE Hub) Acronis has acquired 5nine, a provider of virtualization security and management software for the Microsoft Cloud.
LogicMonitor acquires Unomaly (App Developer Magazine) LogicMonitor acquires Unomaly to enhance observability, and drive intelligent action. Unomaly's artificial intelligence (AI) capabilities provide insights to ITOps and De.
Brief Recap of Open Bug Bounty's Record Growth in 2019 (Open Bug Bounty) With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless and steady growth in 2019 attained with your valuable support and contribution that we greatly appreciate:
Darktrace steps up cyber battle against digital fakes (Business Weekly) Cyber AI specialist Darktrace has expanded its armoury to help clients thwart digital fakes. It has grown its platform to cover additional email systems including G Suite and Microsoft Exchange. The company's Antigena Email, launched last year for Office 365, has proven a powerful defence against a wide variety of digital fakes as well as account hijacking, email spoofing,
Paradise Ransomware decryption tool (Bitdefender Labs) We're happy to announce a new decryptor for Paradise Ransomware. Paradise Ransomware, initially spotted in 2017, has been aggressively marketed as a service to interested affiliates. After infection, it checks whether the keyboard language is set to... #BitdefenderRansomwareRecognition #decryptor
Meet Russia's New Prime Minister, An 'Enforcer Who Knows Where The Bodies Are Buried' (RadioFreeEurope/RadioLiberty) Mikhail Mishustin implemented significant reforms at Russia's Federal Tax Service during his nearly decade-long tenure at the helm, earning him accolades not only from government officials but also from the business community. Now he has been tasked with running the government as the new prime minister, implementing Putin's National Projects while keeping the elite in line.
We differ in our politics. We agree on Congress's power to declare war. (Washington Post) We are members of Congress whose political ideologies and priorities run the gamut, but we are united in our determination to safeguard the constitutional duty of Congress to declare war and to ensure that the American people have their voices heard. This duty is essential to providing the men and women of our armed forces the support and clarity of mission they deserve.
Cyber Caucus Co-Chair Applauds NSA Disclosure of Microsoft Vulnerability (MeriTalk) Rep. Jim Langevin, D-R.I., co-chair of the Congressional Cybersecurity Caucus, applauded the Federal government's handling earlier this week of public disclosure by the intelligence community of serious vulnerabilities it found in Microsoft's Windows 10 and Server 2016 products, for which the company released patches.
Would da Vinci Support the Pentagon's New Cyber Strategy? (Small Wars Journal) Drawing inspiration from da Vinci's observations on force, power, and movement – elements in which "all the works of mortals have their beginning and their end" – this article suggests four cyberspace operations principles.
Bill would make possession of ransomware a crime (Maryland Daily Record) State lawmakers heard arguments Tuesday on a bill that seeks to add criminal penalties for knowingly possessing ransomware with the intent to use it in a malicious way.
News flash from Florida legislators: Telegraph era is over (KOMO) Florida lawmakers are transmitting a news bulletin: The telegraph era is over. Before there was instant messaging, emails and even corded telephones, there was the reliable telegraph to instantaneously transmit messages far and wide. Now, people turn to the internet, text messaging, Twitter, gifs and emojis to write their long-distance notes.
Concerns About Cloud Security Prompt More Scrutiny from Financial Regulators (Wall Street Journal) Regardless of any arrangements under models that divide responsibility between cloud users and providers, regulators from federal agencies and industry bodies said at a Financial Industry Regulatory Authority conference Tuesday that they consider the companies themselves liable for any breaches.
Prosecutors investigating intelligence analysts is a dangerous idea (Washington Post) John Durham, the federal prosecutor chosen by Attorney General William P. Barr to examine the origins of the Russia investigation, is reportedly reviewing the intelligence community's conclusions about Russian interference in our election. Although Durham has not confirmed the precise scope of his investigation, if these reports are correct, it is a worrisome development.
What Do WAWA and Amazon's Ring Have in Common? Lawsuits Involving Consumer Privacy and Protection (ClearanceJobs) Within the span of seven days this month, in two different regions of the country some 2,700 miles apart, class action lawsuits were filed against WAWA, the East Coast convenience store king, and Ring, the maker of the smart doorbell marketed through Amazon. Both of these suits allege negligence against the defendants for failing to maintain and implement security measures to protect the consumer.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
OFFZONE 2020 (Moscow, Russia, April 16 - 17, 2020) This year, cybersecurity specialists, researchers and enthusiasts will meet at the Loft Hall #2. As usual, the focus will be not on business, but on practical issues, fresh research results, and the most...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world's premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you'll gain an in-depth understanding of today's dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...