January 28, 2020.
By the CyberWire staff
The University of Toronto’s Citizen Lab reports its conclusion that a New York Times journalist was hit with Pegasus spyware in June of 2018. The vector was a text message that contained a hyperlink to a site associated with a “Pegasus operator” that Citizen Lab calls “KINGDOM” and that the Lab says is connected to Saudi Arabia. Other KINGDOM targets included Saudi dissidents and an Amnesty International staffer.
A joint inquiry by Motherboard and PCMag disclosed that Avast subsidiary Jumpshot was selling anonymized user data to companies who found it valuable for various marketing purposes. Avast’s free antivirus software collects such data on behalf of Jumpshot, which then provides the information to its customers. Some, perhaps most, customers are unaware that their data are being sold. While those data are anonymized, they’re sufficiently rich to offer some prospect of de-anonymization. It’s a bad look for the company, whose browser extensions were removed from Mozilla, Google, and Opera stores over similar data collection. Avast stopped collecting via extensions, but appears to have shifted to collecting via its antivirus software.
Avast has sought to make a fresh start, offering users of its product a chance to opt out of the collection, but some remain unmollified: PCMag writes that US Senator Warner (Democrat of Virginia) has asked the Federal Trade Commission to increase enforcement actions against such sale of customer data.
Computing reports that the British Government has reached a compromise on Huawei: let the vendor into 5G’s non-core, peripheral parts, but no farther.
Today's issue includes events affecting China, Estonia, European Union, Indonesia, Iran, Latvia, NATO/OTAN, Pakistan, Saudi Arabia, Singapore, United Kingdom, United States.
Bring your own context.
If you're a politician, foreign intelligence services are interested in you.
"Well, given that this is the year 2020 and that we are looking at what could be one of the most contested and contentious election years in American history, I believe that nation-states will look to continue to interfere in the election. And one way that they could do that is through getting out ahead of stories. And what I mean by that is we have seen not only in 2019 and in 2020 and in 2016, but any time that there is a scandal or a question about a person or an organization or a company and if they're up there in the news, the nation-states looking to further their cause, perhaps for the opposing candidate, they'll actually launch a cyberattack against that person, that individual, that organization or that company in order to get the data before anyone else can or before its release and either leak it or use it for blackmail. And we've seen that historically. So I believe that nation-states will become much more predatory when it comes to the headlines."
—Justin Harvey, Global Incident Response Leader at Accenture, on the CyberWire Daily Podcast, 1.24.20.
There's a value to getting ahead of the headlines.
ON THE PODCAST
In today's CyberWire Daily Podcast, out later this afternoon, we hear from our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan discusses evolving ransomware business models. Our guest is Dr. Christopher Pierson from BlackCloak, with insights on the alleged Bezos phone hack and the vulnerabilities of high-profile individuals.
And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. In this episode, "Teachers, Trainers, and Educators," Evan Paul Jensen, CTO and co-founder of Boston Cybernetics, discusses his organization's unique approach to training and operational security issues.
Cyber Security Summits: February 5 in Atlanta and on March 20 in Tampa (Atlanta, Georgia, United States, February 5, 2020) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, IBM Security, Google and more. Register with promo code cyberwire20 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.
Cyber or Cleared Job Fair, February 13, San Antonio (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Cyber Attacks, Threats, and Vulnerabilities
Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator - The Citizen Lab (The Citizen Lab) New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.
FBI Releases Alert on Iranian Hackers' Defacement Techniques (BleepingComputer) The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers' TTPs to help administrators and users to protect their websites.
Tracking REvil (KPN) After the message GandCrab quit, a hole was left in the scene. It was time for a new contender. In the last few months REvil/Sodinokibi seems to have filled that gap. There already have been multiple blogs describing the similarities between GandCrab and REvil affiliates. We’ll stay clear of the similarities in this blog and focus on the usage statistics of the ransomware family by looking at samples, infection rates and ransom demands.
A new piece of Ryuk Stealer targets government, military and finance sectors (Security Affairs) A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. Security experts from MalwareHunterTeam have discovered a new version of the Ryuk Stealer malware that has been enhanced to allow its operators to steal a greater amount of confidential files related to […]
Zoom-Zoom: We Are Watching You (Check Point Research) Alexander Chailytko Cyber Security, Research & Innovation Manager In this publication we describe a technique which would have allowed a threat actor to potentially identify and join active meetings. All the details discussed in this publication were responsibly disclosed to Zoom Video Communications, Inc. In response, Zoom introduced a number of mitigations, so this attack...
RCE Exploit for Windows RDP Gateway Demoed by Researcher (BleepingComputer) A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli, after a proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws.
Vulnerability Summary for the Week of January 20, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Americans want stronger privacy over easier access to health data (HOTforSecurity) In a welcome mentality shift, Americans are starting to put their privacy first and convenience second when it comes to their health data, according to a study by America’s Health Insurance Plans (AHIP). Most surveys asking people about their experience...
What happens in cyberspace does not stay in cyberspace (The International News) We live in an era of transformation, witnessing the process of digitisation rapidly taking place in every possible sector across the globe. The development in telecommunication industry and the growing digital space has opened new avenues to...
IoT Trouble: The Sonos Example — And More (Medium) The everything-computerized-and-always-connected smarthome is a work in progress. This slow pace is a good thing because it gives us time to consider new technical and societal challenges.
Datadobi Eases NAS Migrations with New DIY Starter Pack (Yahoo) Datadobi, the global leader in unstructured data migration software, is making its purpose-built NAS migration technology – already in use by hundreds of the world’s largest organizations for the biggest, most complex projects – available to companies of all sizes via a Starter Pack. The channel-ready
Can PAM Coexist with the Zero Trust Security Model? Yes says Thycotic (American Security Today) By Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO at Thycotic What is the Zero Trust security model and why was it introduced? The concept of Zero Trust security isn’t new; the term was coined by Forrester back in 2010 and was initially synonymous with a network security approach known as micro-segmentation. Micro-segmentation is …
What You Should Actually Learn From a Pentest Report (Black Hills Information Security) So you’ve been pentested. Congrats! It might not feel like it, but this will eventually leave you more confident about your security, not less. The real question is – why might it not feel like it? Pentest findings can be broken down many ways, of course – the obvious one …
How To Replay RF Signals Using SDR (Black Hills Information Security) RF Signal Replay Techniques Disclaimer: Be sure to use a faraday bag or cage before transmitting any data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your traffic. Preface: Recently, …
Ukrainian Plane Tragedy Challenges Tehran's Narrative Of 1988 U.S. Shoot-Down Of Iranian Airliner (RadioFreeEurope/RadioLiberty) The January 8 downing of a Ukrainian passenger plane by Iran has led some to recall the 1988 U.S. shoot-down of an Iranian commercial aircraft, which Tehran has frequently used in the past 30 years to blast Washington. Analysts say the recent tragedy undermines the clerical establishment's use of the 1988 downing of Iran Air Flight 655 as propaganda against the United States.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Our 3rd Annual NOVA CyCon event in Loudoun has a full lineup of cybersecurity experts, speakers and federal contractors presenting on cutting-edge topics! Networking, free lunch and refreshments, door...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...
5th Annual Atlanta Cyber Security Summit (Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland...