BadRabbit hops out of Petya's warren (expect it to multiply). DUHK hunting. Kaspersky says NSA employee backdoored his own device.

Atlanta: the ICS Security Conference

The Iranians know about the lack of security in Level 0,1 devices (Control Global) Early yesterday morning, I received a Linked-in “Like” of my Defcon presentation on the lack of ICS cyber security of Level 0,1 devices from a Senior Technical Support Engineer from an infrastructure company in IRAN.

Industrial and Critical Infrastructure Networks Are Ripe Targets for Cyberattackers, According to New Risk Data from CyberX (PRNewswire) CyberX, the industrial cybersecurity company safeguarding ICS infrastructures...

Cyber Attacks, Threats, and Vulnerabilities

Multiple Ransomware Infections Reported (US-CERT) US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world.

New wave of cyber attacks hits Russia, other nations (Reuters) Cyber attacks using malware called "BadRabbit" hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine's Odessa airport.

BadRabbit ransomware attacks multiple media outlets (CSO Online) On Tuesday, Russian media outlet Interfax said in a statement their servers were offline, due to a virus attack. The news agency shifted their reporting efforts to Facebook while they work to recover. A short time later, Russian security firm Group-IB posted a screenshot of the ransomware in action, calling it BadRabbit. Here's everything that's known so far.

'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond (Dark Reading) Attack employs new version of infamous NotPetya ransomware used in June attacks on Ukraine targets.

BadRabbit Ransomware Attacks Hitting Russia, Ukraine (Threatpost) A ransomware attack called BadRabbit has put a halt to business inside a handful of Russian and Ukrainian businesses.

New Ransomware ‘Bad Rabbit’ Spreading Quickly Through Russia and Ukraine (Motherboard) There’s a potentially massive new ransomware spreading in eastern Europe.

New malware 'BadRabbit' strain attacks hit Russia, other nations (CRN Australia) Is 'BadRabbit' the new NotPetya?

Bad Rabbit ransomware outbreak (Naked Security) The Bad Rabbit ransomware outbreak is spreading into Europe from Russia

BadRabbit ransomware spreading in Russia and the Ukraine, vaccine posted (SC Media US) Several Russian news agencies and other targets in the Ukraine have reportedly being hit with cyberattacks, which the security firm GroupIB believes to be based on a new variant of Petya called BadRabbit.

An Aftershock of NotPetya Ransomware Sweeps Russia and Ukraine (WIRED) "BadRabbit," linked to the authors of NotPetya, hits hundreds of victims, including subways, an airport, and media firms.

Ukraine airport says tightened security after cyber attack (Reuters) Ukraine's Odessa airport said on Tuesday it had tightened security measures after being hit by a cyber attack, while the metro system in Kiev also reported a hack on its payment system.

Kaspersky detects Lazarus-controlled servers in India (The Economic Times) Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor's global command and control infrastructure, the software company said.

Kim Jong-un could attack the West without firing a missile (NewsComAu) NORTH KOREA is capable of unleashing a chaotic attack on Australia or the United States without launching a single missile.

Reaper, a massive new botnet, is a cyberattack waiting to happen (ZDNet) Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack.

Reaper IoT Botnet (eSentire Managed Detection and Response) Researchers have discovered a large “Internet of Things” (IoT) botnet with similarities to Mirai. Known as “IoT Troop” or “Reaper”, this threat targets IoT devices by exploiting vulnerabilities on internet connected devices such as IP cameras and consumer grade routers.

DUHK attack recovers secret keys from Fortinet devices (iTnews) "Absurd" flaw in government-certified crypto.

DUHK Attack Exposes Gaps in FIPS Certification (Threatpost) The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process.

DUHK attack, continuing a week of named issues (SANS Internet Storm Center) DUHK (Don't Use Hard-coded Keys) is an attack that exploits devices that use the ANSI X9.31 Random Number Generator and have a hard-coded key. Turns out that hard-coded crypto keys are not that uncommon in products.

FIN7 Spear Phishing Attacks Now Aim At Avoiding Detection (HackRead) The FIN7 hacking group has been targeting organizations from the retail sector of late, and Security Research Team from ICEBERG was busy tracking the activ

Nearly undetectable Microsoft Office exploit installs malware without an email attachment (TechRepublic) Security firm Sophos uncovered a zero day exploit that targets a 24-year-old data exchange protocol, and it can be used to silently attack machines with very little means of detection.

Banking Trojan Uses Malware Macros to Evade Sandbox Detection (Security Intelligence) Security researchers observed a spam campaign that leverages PowerShell's AutoClose feature to deliver a banking Trojan while eluding sandbox detection.

Magnitude EK Targets South Korea with Language-Specific Ransomware (Infosecurity Magazine) The Magniber ransomware payload won’t execute if the system language is not Korean.

Dell Lost Control of Key Customer Support Domain for a Month in 2017 (KrebsOnSecurity) A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned.

APNIC Whois Database Password Hashes Were Available for Download (BleepingComputer) The Asia-Pacific Network Information Centre (APNIC), the organization that manages domain name information for the Asia-Pacific region, fixed on Monday an error that exposed password hashes needed to access and edit domain ownership details.

Offshore Law Firm Braces for Publicity Bombshell After Security Incident (Infosecurity Magazine) Offshore Law Firm Braces for Publicity Bombshell After Security Incident. Appleby’s clients include super rich and large corporations

Cosmetics Brand Tarte Exposed Personal Information About Nearly 2 Million Customers (Gizmodo) Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers in two unsecured online databases.

Cyber Trends

Immersive technologies are game changers for cybersecurity job growth (Help Net Security) 74% say that the use of gaming and VR technology in the fight against cybercrime would increase the likelihood of them pursuing a cybersecurity career.

Modern Cybersecurity Totally Futile in Quantum Computing Era (MarketWatch) Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept.

GDPR and Reputation Loss Bother Businesses (Infosecurity Magazine) 39% of European respondents identified GDPR as a business risk, compared to PCI DSS and ISO 27001/2.

Marketplace

DoD acquisition ‘slow by design,’ can’t handle cybersecurity defense (FederalNewsRadio.com) It's designed to develop weapons systems while holding to competition, transparency and integrity, but it can’t keep up with cybersecurity defense.

Fifth annual survey by Raytheon, Forcepoint and NCSA finds young adults' interest in cybersecurity careers stagnant (Business Insider) An annual survey commissioned by Raytheon Intelligence, Information and Services, Forcepoint and the National Cyber Security Alliance (NCSA) revealed that despite increased awareness of what a career in cybersecurity might look like, millennials remain unprepared for and uninterested in pursuing a career in the field.

Why one top cybersecurity official thinks millennials aren't flocking to her industry (Washington Business Journal) Government contracting executives say the lack of trained cybersecurity talent among millennials could turn into a national security issue.

Women in Cybersecurity DC Event (null) Diversity in the workforce and being able to support other women in the security field are really important initiatives. Diversity drives creativity and innovation, and companies that support diversity tend to grow, expand, remain competitive, and deliver more meaningful solutions to the marketplace.

Skybox Security Raises $150 Million Led by CVC Capital Partners' Growth Fund with Participation from Pantheon (Globe Newswire) Skybox(TM) Security, a global leader in cybersecurity management, announced today the company signed a definitive agreement to receive a $150 million growth equity investment led by CVC Capital Partners' Growth Fund (CVC Growth) for $100 million, with participation from Pantheon for $50 million.

Kevin Mitnick’s ransomware defense firm, KnowBe4, gets $30M investment (CSO Online) Kevin Mitnick's firm KnowBe4 has secured a $30 million investment led by Goldman Sachs.

How empathy carried Duo Security to a $1 billion valuation (Concentrate) Duo raised $70 million in a recent round of financing, placing the company among the small handful of venture-backed private companies worth $1 billion or more.

Armed with $180M in VC funding, cybersecurity firm Darktrace expands to Ottawa (Ottawa Business Journal) As cybersecurity threats spread like the flu, an international firm claiming to be the cure has expanded its operations to Ottawa.

Averon Banks $8.3 Million, Promises 'Frictionless' Mobile Authentication (eSecurity Planet) San Francisco-based Averon, a mobile authentication startup, announced today that it had secured $8.3 million in an Avalon Ventures-led Series A round of funding.

Early and growth stage cyber technology companies to benefit from new collaboration between VT Partners and Paladin Capital (ResponseSource Press Release Wire) Paladin announces former Carlyle Group Director Nazo Moosa as its new Senior Strategic Partner Europe in a unique collaboration with VT Partners.

Netonomy wants to win in the race to secure the smart home (Stacey on IoT) This week’s KRACK vulnerability brought to light many of the fears around connected gadgets proliferating in our homes. Perhaps the biggest one being that such gadgets could lead to some epic secur…

Products, Services, and Solutions

Legal hackback lets you go after attackers in your network (CSO Online) Security startup Cymmetria has put together a tool and a framework to help security defenders hackback legally as part of incident response activities.

TCS, Palo Alto Networks offer public cloud security (The Economic Times) TCS' global Security Operations Centres will be leveraged to monitor advanced cyberthreats and secure organisations against malicious cyberattacks.

Kromtech launches tool to identify and prevent Amazon cloud server leaks (Healthcare IT News) In response to the influx of data breaches caused by misconfigured cloud databases, the security firm has developed a tool that will let administrators check if their bucket is inadvertently being shared with the public.

Netskope Context-Aware Information Rights Management Program Provides Protection That Follows the Data (PRNewswire) Netskope, the leader in cloud security, today announced the Netskope...

Cygilant Launches New Vulnerability and Patch Management Subscription Service to Support and Equip Lean IT Teams to Effectively Stop Cyber Threats and Exploits (PRWeb) Cygilant’s industry-first ‘One Vendor’ approach to vulnerability and patch management aims to streamline workflows; speeding cyber threat response times and lowering cost of ownership

CRN Exclusive: Tenable Unveils New Partner Program To Help Customers Bridge Their 'Cyber Exposure' Gap (CRN) Tenable on Tuesday launched its Cyber Exposure partner ecosystem, which the company hopes will help customers battle cyber exposure gap as they adopt new technologies like cloud and IoT.

ThreatMetrix, ID.me to partner on government ID services (Security Document World) ThreatMetrix, The Digital Identity Company and ID.me announced a new partnership to deliver integrated identity verification solutions for government and commercial clients.

Ledger, Intel Partner to Boost Blockchain App Security (Block Tribune) Blockchain firm Ledger has teamed with Intel to provide a secure solution for storing digital assets.

Amazon debuts Cloud Cam and Key to take on Nest, August and others in home security (TechCrunch) Amazon wants to be the hub for your connected home, and today the company announced two new products that will help it fill out that ambition, specifically in..

Technologies, Techniques, and Standards

Google: This surge in Chrome HTTPS traffic shows how much safer you now are online (ZDNet) Google's HTTPS-everywhere push is showing results in page loads on Chrome.

Services Ponder How to Train Like They Fight for Cyber (SIGNAL Magazine) The U.S. military must find ways to educate its ranks to respond to cyberthreats.

Legislation, Policy, and Regulation

Putin Will Require Cryptocurrency Miners to Register With the Government in 2018 (Motherboard) After months of conflicting statements, Russia has finally outlined its plan for cryptocurrencies.

Senate Intel advances surveillance reform bill (TheHill) The Senate Intelligence Committee on Tuesday voted to advance a proposal to reform the National Security Agency's (NSA) warrantless surveillance...

Protecting Our Electoral Security - Georgetown Public Policy Review (Georgetown Public Policy Review) Cybersecurity has become an increasingly salient topic in the realm of national defense. The reliance on technology for military, intelligence, and domestic infrastructure has made the disruptive potential of cyber-attacks for national security greater than ever. Elections are uniquely at risk. The aftermath of 2016 highlighted the importance of cybersecurity in election integrity. Almost four-fifths...

Facing Prospect of Regulation, Twitter Plans Ad Disclosures (WIRED) As lawmakers discuss new rules for political ads, Twitter says it will reveal who's paying for ads and who's being targeted.

Political ads on Twitter will now be labeled with lots of spending data (Ars Technica) Follows mounting congressional pressure about social media ads and disclosure.

Legislative Efforts in the Wake of Maritime Cyberattacks (The Maritime Executive) In June the maritime industry experienced what many consider a particularly insidious form of cyber attack known as GPS Spoofing, where global

Consumer Group Calls for Changes to Data Protection Bill (Infosecurity Magazine) Consumer Group Calls for Changes to Data Protection Bill. Which? wants to make it easier for Brits to seek redress in event of a breach

Litigation, Investigation, and Law Enforcement

Worker who snuck NSA malware home had his PC backdoored, Kaspersky says (Ars Technica) Kaspersky presses its case it didn't knowingly help Russia steal NSA secrets.

How Kaspersky Lab got on the US government's bad side (CNET) Here's what we know so far about the investigation into the cybersecurity firm's ties to Russia.

Kaspersky CEO defends security products, claims innocence (CIO Dive) The Russian security firm claimed that the recent allegations seem to be rooted in damaging the security software provider's reputation without the opportunity of due process.

Equifax Faces U.K. Regulatory Investigation Over Cyber Attack (Bloomberg) The U.K. Financial Conduct Authority opened an investigation into the hack of credit reporting company Equifax Ltd. that saw personal data stolen from at least 143 million people.

Spy fears over lost security manual (Australian) Defence giant BAE Systems Australia has become embroiled in an embarrassing blunder after admitting it lost a 1000-page manual that contained draft ­details of Parliament House’s ­security overhaul.

Report reveals ‘6 personas’ of money launderers (Lawyers Weekly) An international security company has analysed the characteristics of people involved in the various stages of money laundering, with a view to helping businesses stamp out the criminal practice.

Agencies get involved in Connecticut Cyber Task Force (LMT online) The state of Connecticut now has a task force that’s sole mission is to investigate crimes in cyberspace, according to the Department of Justice.

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Transport Security & Safety Expo (Washington, DC, USA, Jun 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, Dec 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, Dec 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, Dec 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, Nov 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, Nov 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

INsecurity (National Harbor, Maryland, USA, Nov 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

INsecurity (National Harbor, Maryland, USA, Nov 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

AutoMobility LA (Los Angeles, California, USA, Nov 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, Nov 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

Aviation Cyber Security (London, England, UK, Nov 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, Nov 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Federal IT Security Conference (Columbia, Maryland, USA, Nov 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, Nov 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, Nov 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, Nov 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, Nov 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

Fourth Annual JLCW Conference (New York, New York, USA, Nov 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

SINET Showcase 2017 (Washington, DC, USA, Nov 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event showcases the SINET 16, the annual list of the most innovative young companies in the industry.

CyCon US (Washington, DC, USA, Nov 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, Nov 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.