January 31, 2020.
By the CyberWire staff
The Winnti Group, associated with the Chinese government and best-known for financially motivated attacks and industrial espionage, has turned its attention to Hong Kong. ESET reports finding that Winnti is using its eponymous Trojan to drop the ShadowPad backdoor in machines at five Hong Kong universities. The apparent purpose of the extensive campaign is to collect intelligence on protests of the Mainland’s role in the city. ShadowPad has many modules well-adapted to collection: one of them, for example, is a keylogger.
The US welcomes the EU’s decision on 5G network security, seeing it as European acknowledgement of the unacceptable risks untrusted suppliers bring. Computing reports that Secretary of State Pompeo is confident the US and UK will reach an understanding over Huawei.
The website of Serbian independent media outlet TV N1 has been disabled by distributed denial-of-service attacks this week, possibly DDoS for hire purchased from operators in China. The attacks come, says Balkan Insight, during a squabble with state-owned media over broadcast rights.
BleepingComputer reports that Microsoft has seen a resurgence of the EvilCorp cyber gang, phishing with malicious Excel files.
Vade Secure has found data stolen in the 2015 Ashley Madison breach resurfacing in highly specific blackmail attempts against former customers of the adultery facilitation service.
Digital Shadows says that the Sodinokibi ransomware crew is offering a $15 thousand prize for the best essay on a hacking topic. The researchers leave open the question of whether this represents a serious sharing of expertise or just “threat actor showboating.”
Today's issue includes events affecting Australia, Canada, China, European Union, France, Iran, Israel, Italy, Japan, New Zealand, Russia, Saudi Arabia, Serbia, United Kingdom, United States.
Bring your own context.
Ransomware now routinely adds data theft to simple encryption of the victim's files.
"And then the criminals come back. And they say, OK, well, now we're going to release the documents if you don't give us more money, right? At that point in time, I said that nobody's going to agree to that because there's really nothing that stops them from asking you for more money over and over and over again, right? But what has happened is they are now essentially giving you the two-for-one option, right? They've increased the incentive. So now, when you get your files encrypted, the ransomware notice or the ransomware negotiation says, also, if you don't pay the ransom, we will release your files. That changes the value proposition dramatically, right? Now I get two benefits from paying the ransom. So if my files get encrypted and the person says, I won't release them if you pay the ransom, I won't make them public if you pay the ransom, then the incentive for me to pay the ransom has gone up while the cost has remained the same."
—Joe Carrigan, of the Johns Hopkins University's Information Security Institute, on the CyberWire Daily Podcast, 1.28.20.
Even some underwriters are biting this particular bullet.
Cyber Security Summits: February 5 in Atlanta and on March 20 in Tampa (Atlanta, Georgia, United States, February 5, 2020) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, IBM Security, Google and more. Register with promo code cyberwire20 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.
Cyber or Cleared Job Fair, February 13, San Antonio. (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Memory Lane - Direct Memory Access Attacks (Eclypsium) High-speed DMA attacks can bypass built-in hardware protections on enterprise devices. Researchers from Eclypsium demonstrated that, even in the presence of protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start, and Microsoft Virtualization-Based Security, laptops from Dell & HP were susceptible to pre-boot DMA attacks. This powerful class of attacks is an industry-wide issue that threatens servers as well as laptops.
Texting scam using links to target personal information (WCTI) When a text message with a link appears to be from a packaging company, many people say their first instinct is to open the link. However, opening some of these text messages could help hackers steal personal information. It is all part of scam officials call smishing - also known as SMS phishing. Hackers are attempting to get personal information through text, similar to phishing emails.
2019 Holiday Shopping Season Threat Review (RiskIQ) This holiday shopping season raked in a record $1 trillion, an increase of nearly $300 billion from 2018. Overall online sales increased 13%, while Black Friday and Cyber Monday saw 17% and 19% increases, respectively.
Raytheon Takes Control of Forcepoint Cybersecurity Business (Wall Street Journal) The defense company said it paid $588 million to Vista Equity Partners for its minority stake in Forcepoint, four years after creating a business aimed at selling military-style cyber products to commercial clients.
IBM’s Ginni Rometty Steps Down as CEO (Wall Street Journal) Ginni Rometty is retiring after almost 40 years at IBM and will be succeeded as CEO by Arvind Krishna, who heads the company’s cloud and cognitive-software division.
Cybersecurity: The woman who hacks Siemens (Süddeutsche Zeitung) Fabienne Waidelich and her team try every day to break into Siemens' computers. Why? So that no one else does. About a woman in a male-dominated field and the question: what does a hacker actually do?
Cyber Campus backed by Orange, Atos and Thales to open in Paris in Q1 2021 (Telecompaper) France's secretary of state for digital affairs, Cedric O, has announced the launch of the Cyber Campus initiative with the publication of a paper presenting the project, which owes its origin to the work of Michel Van Den Berghe, CEO of Orange Cyberdefense. Located in the Paris region, the new 10,000 square metre site will group between 500 and 1,000 cyber security experts from its launch, which is planned for Q1 2021.
Cybersecurity firm plans move to Fairlawn (Akron Beacon Journal) TrustedSec started in the basement of a Northeast Ohio home in 2012. Almost eight years later, the information security consulting firm that breaks into
Avoiding Risk Acceptance With Security Alerts (Forbes) Resolving alerts without accepting risk requires resolving every alert without crippling the effectiveness of security tools by changing alert thresholds or ignoring security events.
The Fractured Future of Browser Privacy (Wired) Better anti-tracking measures have become the norm for Chrome, Firefox, Safari, and other modern browsers. But they still disagree on how exactly they should work.
Cyber Hawks team cracks NSA codebreaker challenge (Dahlonega Nugget) As computer scientists representing 532 universities across the United States competed to crack the latest NSA Codebreaker challenge, UNG proved to be a consistent force in the world of cyber secur
No Huawei ‘Smoking Gun’ in Europe, French Cyber Chief Says (Yahoo) France’s cybersecurity chief said his agency hasn’t uncovered any evidence of Huawei Technologies Co. spying via Europe’s communications networks, shrugging off U.S. and German concerns. Guillaume Poupard, the head of the national cybersecurity agency ANSSI, spoke following reports of a
Brexit to Add Sanctions Compliance Complexity (Wall Street Journal) Britain is set to officially withdraw its membership from the European Union on Friday, but EU regulations still apply during the transitional period until Dec. 31.
The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It (Center for Internet and Society) There’s a new bill afoot in Congress called the EARN IT Act. A “discussion draft” released by Bloomberg is available as a PDF here. This bill is trying to convert your anger at Big Tech into law enforcement’s long-desired dream of banning strong encryption. It is a bait-and-switch. Don’t fall for it.
AIG must cover client's $5.9 million in cyber-related losses, judge rules (CyberScoop) Insurance giant AIG must cover nearly $6 million in losses for a client that was fleeced by an email scam carried out by suspected Chinese hackers, a federal court has decided. A judge in the Southern District of New York ruled Wednesday that AIG was in breach of contract when it previously denied a claim from SS&C Technologies, a $6 billion financial technology firm.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
LBC2 (Towson, Maryland, USA, January 7, 2020) The third annual Loyola Blakefield Cyber Challenge is an exciting event for all participants. It will take place on March 7, 2020 at Loyola Blakefield High School. The challenge is created by students...
IFSEC 2020 (London, England, UK, May 19 - 21, 2020) IFSEC presents up-to-date information on the newest products, emerging trends and best practices in the safety and security industry, and access control. You will see established and emerging companies...