Our thanks to all the Patrons who've been so generous in their support of the CyberWire. We're happy to have added a new benefit this week: members of the Producer's Circle now receive exclusive access to our new Quarterly Report, which is a way-better membership benefit than that boxed set of Ed Snowden's pensées on VHS the ShadowBrokers are probably offering (we're not sure—the phone lines don't appear to be open). If you'd like to see a sample of the Quarterly Report (redacted, of course, because the Patrons' access is exclusive, and we're an honest shop), this is it. And thanks again, Patrons.
Another unsecured AWS S3 bucket. FedEx says some NotPetya damage may be permanent. Initial coin offering hacked. Voting security initiative announced at Harvard's Belfer Center. Game of Thrones virus in Pirate Bay torrents? DHS, Commerce, consider anti-botnet "moonshot." Industry notes.
Another unsecured Amazon Web Services S3 bucket is found. This one belongs to Dow Jones, which says 2.2 million customers were affected. Security firm UpGuard offers a higher estimate, suggesting the possibility that around four million records were exposed.
A 10-K filing from FedEx says that the shipping company doesn't yet know how long it will take to restore systems affected by the NotPetya attack, and that it's possible the company's TNT unit—the one directly affected—may be unable to "fully restore all of the affected systems and recover all of the critical business data" the attack hit.
Cybercriminals hacked Israeli cryptocurrency start-up CoinDash's initial coin offering, stealing many of the tokens on sale. If the crooks cash out intelligently, they may go uncaught.
If you were planning to illegally stream Game of Thrones, think twice—there are reports of a virus targeting you lurking in Pirate Bay torrents.
In the US, a bipartisan initiative to secure electronic voting spins up at Harvard's Belfer Center. It's led by former Clinton and Romney presidential campaign managers; its advisors include security leads from Facebook, Google, and CrowdStrike.
The US Departments of Homeland Security and Commerce have commissioned studies looking into the possibility of a "moonshot" challenge for combatting botnets.
In industry news, Awake Security emerges from stealth with $31 million in funding (its technology has been compared to near-unicorn Darktrace). ScaleFT closes a $2 million seed round. And Rapid7 announces its acquisition of security orchestration start-up Komand for an undisclosed amount.
Today's issue includes events affecting Australia, Brazil, China, European Union, Iraq, Germany, Malaysia, New Zealand, Peru, Russia, Singapore, Ukraine, United Kingdom, and United States.
Artificial intelligence is key to making sense of big data and scaling security data analytics. The “spray and pray” shotgun approach is too expensive and too imprecise to combat advanced attacks. So how do you harness the power of AI to increase precision and to proactively stay ahead of advanced attacks? How do you evaluate threat hunting tools? Join an online fireside chat with guests Josh Zelonis and Stephen Pieraldi to get the answers.